Container Vulnerability Response glossary

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 1 minute to read

    • Learn about terms and concepts that are unique to Container Vulnerability Response.

    Key terms

    Container
    A unit of software, which packages the code and all its dependencies so that the application runs seamlessly and reliably from one computing environment to another.
    Container image
    A static file with executable code that can create a container on a computing system. A container image cannot be changed and thus can be deployed consistently in any environment.
    Cluster
    A set of worker machines, called nodes, that run containerized applications.
    Docker
    Software to create, deploy, and manage application containers on servers and the cloud.
    Docker Image
    A template file that contains code, required libraries, configurations, and so on. The file is used to launch container instances. It consists of a union of layered file systems.
    Dockerfile
    A text file containing instructions to create container images by adding multiple layers. For example, layering of Base Ubuntu, Nginx, and App code.
    Docker Compose
    A tool for defining and running complex applications with Docker. With Compose, you can define a multi-container application in a single file.
    Docker Container
    A Docker Container is a runtime instance launched from a Docker Image.
    Image Layer
    A layer is a modification to an image. It is represented by an instruction in the Dockerfile. Layers are applied in sequence to the base image to create the final image.
    Image Repository
    A collection of docker images with different tags or versions.
    Image Labels
    A set of key-value pairs stored with the image as metadata.
    Namespace
    An abstraction used by Kubernetes to support the isolation of groups of resources within a single cluster.
    Pod
    A set of running containers (another abstraction on top of a container).
    Registry
    A hosted service containing repositories of images.
    Service
    An abstract way to expose an application running on a set of pods as a network service.
    Tag
    A tag is a label applied to a Docker image in a given image repository. Tags are how various images in a repository are distinguished from each other.