DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
This action is responsive to the application filed 07/16/2020.  
Claims 1-20 are presented for examination.  
Information Disclosure Statement

2. 	The Applicants’ Information Disclosure Statement filed 07/16/2020 has been received, entered into the record, and considered.  A copy of PTO 1449 form is attached.

Drawings

3.	The drawings filed 07/16/2020 are accepted by the examiner.

Specification

4.	The specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Claim Rejections - 35 USC § 103
5. 	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Stopel et al. (US 20170116412) in view of Leafe et al. (US 20120233668).

It is noted that any citations to specific, pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.



As to claim 1: 
Stopel teaches a method for scanning of virtual machine images (paragraph: 0021: a method…scanning contents of the container image), comprising: 
creating a virtual machine instance of a virtual machine based on a virtual machine image of the virtual machine and an application programming interface (API) of an environment in which the virtual machine is to be deployed, wherein the virtual machine image has an entry point such that the virtual machine instance executes the entry point (paragraph 0021: receiving an event indicating that a container image requires profiling, wherein the container image includes resources utilized to execute a corresponding application container; scanning contents of the container image to identify an entry-point script, wherein the entry-point script is a first processing being executed upon launching of an application container; paragraphs 0038-0039: the host device 310 is configured to host and execute a detector container 315. The detector container 315 is a software container designed to profile container images stored in the registries 330 and to enforce a secured execution of a respective APP container based on the generated profiles… the interface between the host device 310 and the system may be realized as an API or a plugin); and 
wherein the lightweight script is configured to retrieve a static scanner executable, to execute the static scanner executable, and to send results of the scanning (paragraphs 0077-0078: an event indicating that a container image should be scanned is received. Such an event can be received from a continuous integration system, an image registry, and the like. The event may designate a specific container image or a group of images (each of which identified by their unique identifier) and the source of the image(s) to be scanned…the container image (e.g., the container image 301-C, FIG. 3) to be scanned is exported from its source to the device hosting the detector container; paragraphs 0089: the contents (i.e., the layers) of the container image (received at S620) are scanned to identify an entry-point script. Such a script is the first to launch upon execution of an APP container and lists all the spawned processes to be executed. The scan may be performed across all layers of the container image.).

Stopel, however, does not explicitly teach the following additional limitations:


Leafe teaches replacing the entry point of the virtual machine instance with a lightweight script (paragraph 0289: the binary loader submodule 1724 is used to load a user-provided script or binary module. Via the plugin API 1720, a user posts the module and entry point information where it is saved in a location accessible to the plug-in loader 1702. A call from the internal API 1714 is sent to the binary loader submodule 1724, which loads the user-provided module and calls the appropriate entry point  with the provided arguments. The plugin processes the request based on the arguments and returns a response. The plug-in loader 1702 then proxies the result from the binary loader submodule 1724 request to internal API 1718 via output 1716). 
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Stopel with Leafe because it would have provided virtual machine images that have been customized for user-specific functions and allowed the cloud computing system to be used for new, user-defined services without requiring specific support.
As to claim 2: 
Stopel teaches performing at least one mitigation action based on the results of the scanning (paragraphs 0086-0087).As to claim 3: 
Stopel teaches retrieving the results of the scanning from a storage (paragraph 0096). As to claim 4: 
Stopel teaches the at least one mitigation action further comprises: removing the virtual machine image from the environment in which the virtual machine is to be deployed (paragraphs 0080-0081).
As to claim 5: 
Stopel teaches creating the virtual machine instance further comprises: configuring the virtual machine instance with at least one configuration, wherein the at least one configuration includes at least one of: no internal traffic allowed, only predetermined allowable applications are allowed to run, no code which could perform changes in the environment is allowed to run, access is limited, and no communications are allowed via unsecured networks (paragraphs 0082-0084).

As to claim 6: 
Stopel teaches the created virtual machine instance is a type of virtual machine instance that utilizes excess computing resources of the environment in which the virtual machine is to be deployed (paragraphs 0057-0058).
As to claim 7: 
Stopel teaches the type of virtual machine instance is any of: a pre-emptible instance, and a spot instance (paragraphs 0057-0058).
As to claim 8: 
Stopel teaches the lightweight virtual machine instance is created based on a known budget and an expected scanning time (paragraph 0096).

As to claim 9: 
Perry teaches storing the lightweight script in a storage location accessible to the virtual machine instance (paragraphs 0045-0046).


As to claim 10: 
Stopel, however, does not explicitly teach the following additional limitations:


Leafe teaches replacing the entry point of the virtual machine instance with the lightweight script further comprises adding an instruction to retrieve the lightweight script from the storage location and to run the retrieved lightweight script (paragraph 0289).
It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Stopel with Leafe because it would have provided virtual machine images that have been customized for user-specific functions and allowed the cloud computing system to be used for new, user-defined services without requiring specific support.
As to claim 11: 
Note the discussion of claim 1 for rejection. Claim 11 is the same as claim 1, except claim 11 is a non-transitory computer readable medium claim and claim 1 is a method claim.



As to claims 12-20: 
Note the discussion of claims 1-10 above, respectively, for rejections. Claims 12-20 are the same as claims 1-10, except claims 12-20 are system claims and claims 1-10 are method claims.

Conclusion

6.	The prior art made of record, listed on PTO 892 provided to Applicant is considered to have relevancy to the claimed invention. Applicant should review each identified reference carefully before responding to this office action to properly advance the case in light of the prior art.
	
Contact Information

7.	Any inquiry or a general nature or relating to the status of this application should 
              be directed to the TC 2100 Group receptionist: (571) 272-2100.
	Any inquiry concerning this communication or earlier communications from the 
	examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday- Friday from 9:00AM- 5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK can be reached at (571) 272-3759. 

The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/VAN H NGUYEN/Primary Examiner, Art Unit 2199