DETAILED ACTION

1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the amendment filed 08/19/2022.  
Claims 1, 2, 5-13, and 16-25 are pending in this application. Claims 3, 4, 14, and 15 have been cancelled.  Claims 22-25 have been added. 

Claim Rejections - 35 USC § 112



2.	Claims 1, 2, 5-13, and 16-25 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA the inventor(s), at the time the application was filed, had possession of the claimed invention.

As to claims 1, 10-12, and 20-23:
The claims were amended/added in the claim amendments filed 08/19/2022 to add the limitations:
“modifying an entry point of the virtual machine instance to indicate a script which, when executed, causes a scanner to scan the virtual machine image” (claim 1);

“modify an entry point of the virtual machine instance with a script, configured to retrieve a static scanner to scan the virtual machine image” (claim 11);

“modify an entry point of the virtual machine instance with a script, configured to cause a scanner to scan the virtual machine image” (claim 12);

“wherein the instructions to modify the entry point of the virtual machine instance comprise instructions to modify the entry point with one or more instructions to retrieve the script” (claims 20 and 22);

“modify the entry point to indicate the script comprise instructions executable by the processing circuitry to configure the system to replace the entry point with the script which retrieves and executes the scanner when the script is executed or modify the entry point with one or more instructions to retrieve the script from a storage location accessible by the virtual machine instance and to run the retrieved script” (claim 21); and

“wherein the instructions to modify the entry point to indicate the script comprise instructions to replace the entry point with the script which retrieves and executes the scanner when the script is executed or to modify the entry point with one or more instructions to retrieve the script from a storage location accessible by the virtual machine instance and to run the retrieved script” (claim 23).

Upon review of applicant's specification (and the paragraphs provided by Applicant), no support was found for the amended claim limitations, since they were not disclosed in the original specification.  Therefore the claims must be rejected as claiming new matter under 35 U.S.C. 112, first paragraph, as failing to comply with the written description requirement.

Applicant is obligated to respond by explaining where in the Specification support for each of these limitations can be found.  See In re Alton, 76 F.3d 1168, 1175 [37 USPQ2d 1578] (Fed. Cir. 1996).  See Hyatt v. Doll, 91 USPQ2d 1865 (Fed. Cir., 2009).

The dependent claims are rejected for fully incorporating the deficiencies of their respective base claims.

Claim Rejections - 35 USC § 112
3.	The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


	
Claims 11 and 22-25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.

The use of “executable” renders the claims indefinite because it is unclear whether the functions in the claims are actually performed.

To expedite a complete examination of the instant application, the claim rejected under 35 U.S.C. §112 above is examined in anticipation of Applicant amending the claims so the claimed functions are executed by a computer.

Claim Rejections - 35 USC § 102

4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless –

 (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1, 2, 5-13, and 16-25 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Abraham et al.  (US 2020030426).

It is noted that any citations to specific, pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.

As to claim 1: 
Abraham teaches a method (a method comprising: accessing, by a computer, a container image, built at least in part inside a virtual machine instance; accessing, by the computer, an image of the virtual machine instance; scanning, by the computer, the container image and the image of the virtual machine instance for security issues; and displaying, by the computer, a result of the scanning; claim 1), comprising: 
creating a virtual machine instance based on a virtual machine image with an application programming interface (API) of an environment in which the virtual machine image is stored (paragraph 0017: a computer environment 100 that allows a user (a user associated with a microservice developer, as an example) to develop container images inside virtual machine instances… allows end users to, through their end user computers 140, communicate with a cloud computing environment 110 for purposes of creating one or multiple virtual machine instances 112 and creating one or multiple container images 115 inside the virtual machine instances 112; paragraph 0033: the physical machine(s) may create one or multiple virtual machines; and the components of the portal 150, such as the inspection engine 154, GUI 152, search engine 158 and rectification engine 156, may execute on one or multiple virtual machines); and 

modifying an entry point of the virtual machine instance to indicate a script which, when executed, causes a scanner to scan the virtual machine image (Abstract: the container image and the image of the virtual machine instance are scanned for security issues; and a result of the scanning is displayed by the computer; paragraph 0015: The inspection engine examines the virtual machine instances to detect the construction of image containers inside the virtual machines. For each of the detected virtual machine instances, the inspection engine scans the container image for purposes of identifying potential security issues with the container image, such as potential security vulnerabilities and threats (also referred to by the more succinct designation as potential “security vulnerabilities” or “vulnerabilities,” herein); paragraph 0016: the inspection engine may, based on the results of the tags and possible interaction by the user through a graphical user interface (GUI), tag, or label, the scanned container images, virtual machine instances and build files with tags that identify attributes of these objects. For example, a particular tag may identify whether the associated object is trusted or untrusted. A tag may also identify, for example, whether use of the associated object is to be blocked or is to be rectified to address the security issue. In accordance with some implementations, the inspection engine may initiate a rectification operation by a rectification engine associated with the portal to correct one or multiple identified security issues with a particular object so that the object may thereafter be trusted; paragraph 0024: an inspection engine 154 of the portal 150 runs a security scan on the container images that are identified by the search engine 158. Additionally, in accordance with some implementations, the inspection engine 154 runs security scans on the virtual instances in which the container images are created and runs scans on associated container build files, which are associated with containers that are being constructed by the user; paragraph 0040: before retrieving the particular object from the cloud computing environment 110, the inspection engine 154 may first check the database 160 to determine (decision block 212) whether an existing database entry exists in the database 160. If not, then the inspection engine 154 may add a corresponding object entry to the database 160 and retrieve the object from the cloud computing environment 110. Otherwise, if an existing database entry exists, then the scan engine 154 may update (block 216) the object entry in the database 160).

As to claim 2: 
Abraham teaches performing at least one mitigation action based on results of scanning the virtual machine image indicating at least one of a vulnerability and non-compliance with a rule or policy, wherein the mitigation action comprises at least one of removing the virtual machine image from the environment and sending a notification to a system associated with the environment (paragraphs 0027-0028 and 0053-0054).

As to claim 5: 
Abraham teaches configuring the virtual machine instance with at least one configuration, wherein the at least one configuration includes at least one of: no internal traffic allowed, only predetermined allowable applications are allowed to run, no code which could perform changes in the environment is allowed to run, access is limited, and no communications are allowed via unsecured networks (paragraphs 0016, 0027-0028, 0030, and 0053-0054).
As to claim 6: 
Abraham teaches the creating the virtual machine instance comprises creating the virtual machine instance as a type of virtual machine that utilizes excess computing resources of the environment (paragraphs 0016-0017).
As to claim 7: 
Abraham teaches the type of virtual machine instance is any of a pre-emptible instance and a spot instance (paragraphs 0023-0024 and 0060).



As to claim 8: 
Abraham teaches creating the virtual machine instance comprises creating the virtual machine instance according to at least one of a known budget for scanning the virtual machine image and an expected scanning time (paragraphs 0021-0022).

As to claim 9: 
Abraham teaches storing the script in a storage location accessible to the virtual machine instance (paragraphs 0034-0035).

As to claim 10: 
Abraham teaches modifying the entry point of the virtual machine instance to indicate the script comprises one of replacing the entry point with the script which retrieves and executes the scanner when the script is executed and modifying the entry point with instructions to retrieve the script from a storage location accessible by the virtual machine instance and to run the retrieved script (paragraphs 0015-0016, 0034-0035, 0040).



As to claims 11 and 23-25: 
Note the discussion of claims 1, 10, 5, and 6 above, respectively, for rejections. Claims 11 and 23-25 are the same as claims 1, 10, 5, and 6, except claim 11 is a non-transitory computer readable medium claim and claims 1, 10, 5, and 6 are method claims.

As to claims 12, 13, 16-19 and 21: 
Note the discussion of claims 1, 2, 5-8, and 10 above, respectively, for rejections. Claims 12, 13, 16-19 and 21 are the same as claims 1, 2, 5-8, and 10, except claims 12, 13, 16-19 and 21 are system claims and claims 1, 2, 5-8, and 10 are method claims.

As to claim 20: 
Abraham teaches store the script in a storage location accessible to the virtual machine instance, wherein the instructions to modify the entry point of the virtual machine instance comprise instructions to modify the entry point with one or more instructions to retrieve the script (paragraphs 0015-0016, 0034-0035, 0040).

Response to Arguments 

5.	Applicant's arguments filed 08/19/2022 have been fully considered but are deemed to be moot in view of the new ground(s) of rejection necessitated by Applicant's amendments.  

Conclusion

6.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

	
Contact Information

7.	Any inquiry of a general nature or relating to the status of this application should be directed to the TC 2100 Group receptionist: (571) 272-2100.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday-Friday from 9:00 AM-5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK, can be reached at (571) 272-3759.

The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/VAN H NGUYEN/Primary Examiner, Art Unit 2199