Vulnerability Management Pada Vulnerable Docker Menggunakan Clair Scanner Dan Joomscan Berdasarkan Standar GSA CIO-IT Security-17-80

Abstract

Vulnerabilities in Docker need to be managed considering that this vulnerability is one of the potentials for exploitation, this can happen because Docker is a container related to application and system security. This study analyzes the vulnerability management process in Docker Images and Docker Images Applications using the GSA CIO-IT Security-17-80 standard. This vulnerability search uses two scanning tools, namely Clair Scanner and JoomScan. Vulnerabilities in Docker Images and Docker Images application version - 1, were overcome by creating a new system, namely version - 2 which upgrades the Docker Images software and Docker Images application. The test scenario is run by scanning for vulnerabilities in two versions of the trial system, in the form of a vulnerability report. The data was analyzed using the GSA CIO-IT Security Standard-17-80 which was limited to the stages of Scanning Capabilities, Vulnerability Scanning Process, Vulnerability Scan Reports, Remediation Verification, and Re-Classification of Known Vulnerabilities. The result is the fastest scanning time is in version - 2, the results of the comparison of vulnerabilities obtained are 44.45% on Docker Images and 77.78% on Joomla. So that the contribution that can be given is to provide an overview of the use of the GSA CIO-IT Security-17-80 standard as a guide for managing the security of an IT asset based on the stages carried out. Continuation of research can be in the form of using the 6 stages of GSA with the support of adequate vulnerability data from the right scanner software.