Enhancing Software Composition Analysis Resilience Against Contai...
Agathe Blaise, Jacopo Bufalino
KubeCon + CloudNativeCon Europe 2025 · Session
**Software Composition Analysis (SCA)** tools are a standard control for identifying known-vulnerable packages inside container images. Their results, however, depend on the image presenting its contents in a form the scanner recognises. **Container image obfuscation** undermines that assumption: the contents of an image are modified, intentionally or as a side effect of how the image was built, in ways that cause vulnerable components to go unreported. This talk, presented by Agathe Blaise and Jacopo Bufalino, examines how resilient current SCA tools are against a range of such obfuscation techniques and proposes a new approach to make scanning more robust.
AI review
This talk by Blaise and Bufalino delivers a critical, technically rigorous analysis of container image obfuscation and its substantial impact on Software Composition Analysis (SCA) tools. The speakers systematically catalogue obfuscation techniques, demonstrate how widely used SCA solutions fail against them, and present real-world data on how common the problem is in published images. Crucially, they introduce ORCA, an open-source tool designed to close these blind spots through deeper layer-by-layer analysis of the image rather than a scan of the final merged filesystem alone, offering a tangible path toward better transparency in container security.
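The following is an added illustration of the distinction the review draws between scanning an image's merged filesystem and analysing its layers one by one. It is not code from the talk or from ORCA, whose internals the page does not describe. Two constructed tar layers stand in for a real image: layer 1 writes a dpkg status database (the real Debian location, with a made-up package entry), and layer 2 removes it with an OCI whiteout entry. A scanner that only inspects the merged result sees no packages; walking the layers individually still recovers the installed package, which is why deletion of package metadata in a later layer is an effective evasion against merged-view scanners.

```python
"""Merged-view versus per-layer scanning of a constructed OCI-style image.

Layers are built in memory as tarballs; no real image is read.
"""
import io
import tarfile

DPKG_STATUS = "var/lib/dpkg/status"  # real Debian path; the entry below is constructed
STATUS_CONTENT = b"Package: libssl3\nVersion: 3.0.2-0ubuntu1\n\n"


def build_layer(entries):
    """Build one tar layer from {path: bytes}. A value of None means
    'delete this path', encoded as an OCI whiteout file '.wh.<name>'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in entries.items():
            if data is None:
                parent, _, name = path.rpartition("/")
                path = f"{parent}/.wh.{name}" if parent else f".wh.{name}"
                data = b""
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_layer(blob):
    """Return {path: bytes} for every regular file in a layer tarball."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = tar.extractfile(member).read()
    return out


def merge_layers(layers):
    """Apply layers in order with OCI whiteout semantics:
    '.wh.<name>' removes <name> (and anything under it),
    '.wh..wh..opq' removes every existing entry in that directory."""
    fs = {}
    for blob in layers:
        for path, data in read_layer(blob).items():
            parent, _, name = path.rpartition("/")
            if name == ".wh..wh..opq":
                prefix = parent + "/" if parent else ""
                for p in [p for p in fs if p.startswith(prefix)]:
                    del fs[p]
            elif name.startswith(".wh."):
                target = f"{parent}/{name[4:]}" if parent else name[4:]
                for p in [p for p in fs if p == target or p.startswith(target + "/")]:
                    del fs[p]
            else:
                fs[path] = data
    return fs


def packages_from_status(data):
    """Minimal dpkg status parser: {package: version} from stanza text."""
    pkgs = {}
    for stanza in data.decode().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if "Package" in fields:
            pkgs[fields["Package"]] = fields.get("Version", "")
    return pkgs


def scan_merged(layers):
    """What a merged-filesystem scanner sees: packages in the final view only."""
    fs = merge_layers(layers)
    return packages_from_status(fs.get(DPKG_STATUS, b""))


def scan_per_layer(layers):
    """What a per-layer scanner sees: {layer_index: packages} wherever the
    status file exists in that layer, regardless of later deletions."""
    found = {}
    for index, blob in enumerate(layers):
        files = read_layer(blob)
        if DPKG_STATUS in files:
            found[index] = packages_from_status(files[DPKG_STATUS])
    return found


# Constructed image: layer 0 installs a package, layer 1 deletes the metadata.
LAYERS = [
    build_layer({DPKG_STATUS: STATUS_CONTENT,
                 "usr/lib/x86_64-linux-gnu/libssl.so.3": b"\x7fELF-constructed"}),
    build_layer({DPKG_STATUS: None}),
]

if __name__ == "__main__":
    print("merged view:   ", scan_merged(LAYERS))
    print("per-layer view:", scan_per_layer(LAYERS))
```

Note that the library file itself survives the merge; only the metadata a scanner would key on is gone. A per-layer pass also gives the reviewer a concrete signal worth alerting on: package metadata present in one layer and whited out in a later one is unusual in a legitimately built image and merits a closer look.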