Containerization is the mainstream of current software development, which enables software to be used across platforms without additional configuration of running environment. However, many images created by developers are redundant and contain unnecessary code, packages, and components. This excess not only leads to bloated images that are cumbersome to transmit and store but also increases the attack surface, making them more vulnerable to security threats. Therefore, image slimming has emerged as a significant area of interest. Nevertheless, existing image slimming technologies face challenges, particularly regarding the incomplete extraction of environment dependencies required by project code. In this paper, we present a novel image slimming model named {\delta}-SCALPEL. This model employs static data dependency analysis to extract the environment dependencies of the project code and utilizes a data structure called the command linked list for modeling the image's file system. We select 20 NPM projects and two official Docker Hub images to construct a dataset for evaluating {\delta}-SCALPEL. The evaluation results show that {\delta}-SCALPEL can reduce image sizes by up to 61.4% while ensuring the normal operation of these projects.
翻译:容器化是当前软件开发的主流方式,它使得软件能够跨平台使用而无需额外配置运行环境。然而,开发者创建的许多镜像存在冗余,包含了不必要的代码、软件包和组件。这种冗余不仅导致镜像臃肿,难以传输和存储,还扩大了攻击面,使其更容易受到安全威胁。因此,镜像瘦身已成为一个重要的研究方向。然而,现有的镜像瘦身技术面临挑战,尤其是在提取项目代码所需环境依赖的完整性方面。本文提出了一种名为{\delta}-SCALPEL的新型镜像瘦身模型。该模型采用静态数据依赖分析来提取项目代码的环境依赖,并利用一种称为命令链表的数据结构对镜像文件系统进行建模。我们选取了20个NPM项目和两个官方Docker Hub镜像构建数据集,用于评估{\delta}-SCALPEL。评估结果表明,在确保这些项目正常运行的前提下,{\delta}-SCALPEL能够将镜像大小减少高达61.4%。