A method includes analyzing a given application to determine one or more packages utilized by the given application, the one or more packages comprising a plurality of libraries, identifying a subset of the plurality of libraries utilized by the given application, determining one or more dependent libraries for each of the identified libraries in the subset, generating a given container for the given application, the given container comprising the identified libraries in the subset and the dependent libraries for each of the identified libraries, performing risk analysis for the given container including comparing a risk value calculated for the given container to a designated risk threshold, simulating one or more actions in the given container responsive to the risk value calculated for the given container exceeding the designated risk threshold, and determining whether to accept or reject the given container responsive to the risk analysis and simulated actions.
展开▼