container security

Comparison of Vulnerability Scanners for Detecting Obfuscated Malware in Containers

The growing popularity of containerization in cloud environments is accompanied by an increasing number of attacks that leverage obfuscated malware designed to evade detection by static scanners. This paper presents an experimental comparison of two container security tools – Trivy (static analysis) and Tracee (dynamic observation based on eBPF) – in detecting malicious executables hidden in non-standard paths such as /tmp/.
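A static triage check for the hiding pattern the abstract describes, as an added example that is not from the paper and does not reproduce how Trivy or Tracee work: it walks an unpacked image filesystem, flags ELF or executable-bit files under /tmp/-style paths, and scores byte entropy as a hint of packing. The extra directories beyond /tmp/, the entropy threshold, the sample tree and all function names are assumptions.

```python
import math
import os
import tempfile
from collections import Counter

SUSPECT_DIRS = ("tmp", "var/tmp", "dev/shm")  # assumption: the page names only /tmp/
ELF_MAGIC = b"\x7fELF"
ENTROPY_THRESHOLD = 7.2  # assumption: bits/byte above which content looks packed

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0 for empty input); values near 8.0 look compressed or encrypted."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_rootfs(rootfs: str) -> list:
    """Flag ELF or executable-bit files under SUSPECT_DIRS of an unpacked image."""
    findings = []
    for rel in SUSPECT_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(rootfs, rel)):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # never follow links out of the unpacked tree
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for triage
                is_elf = data.startswith(ELF_MAGIC)
                if not (is_elf or os.stat(path).st_mode & 0o111):
                    continue
                entropy = shannon_entropy(data)
                findings.append({
                    "path": "/" + os.path.relpath(path, rootfs),
                    "elf": is_elf,
                    "hidden": name.startswith("."),
                    "entropy": round(entropy, 2),
                    "packed_like": entropy >= ENTROPY_THRESHOLD,
                })
    return sorted(findings, key=lambda f: f["path"])

def build_sample_rootfs() -> str:  # constructed sample tree, no real malware
    root = tempfile.mkdtemp(prefix="rootfs-")
    samples = {
        "tmp/.cache": ELF_MAGIC + bytes(range(256)) * 256,  # uniform bytes, entropy ~8
        "tmp/notes.txt": b"build log\n" * 50,               # plain text, not executable
        "usr/bin/tool": ELF_MAGIC + b"\x00" * 4096,         # outside the suspect dirs
    }
    for rel, content in samples.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root
```

To run it against a real image, unpack the image filesystem to a directory first and pass that directory to `scan_rootfs`.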