Patent attributes
A method for expanded integrity monitoring of a container image, wherein the container image contains at least two layers, a base image and at least one application layer, which carries out at least one modification operation on the base image, includes the following steps: during assembly of the container image, allocating an integrity rule specific to the layer to the layer, for at least one of the layers of the container image, providing the container image and the allocated integrity rules to a guest computer, and—generating a container instance on the basis of the container image via a real-time environment of the guest computer, checking each individual layer in relation to the allocated integrity rules during execution of the container instance in the real-time environment, and—executing the layer according to the allocated layer-specific integrity rule.
