Detection of fraudulent certificate authority certificates
US-2017063557-A1 · Mar 2, 2017 · US
US10706145B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10706145-B2 |
| Application number | US-201615278681-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 28, 2016 |
| Priority date | Oct 1, 2015 |
| Publication date | Jul 7, 2020 |
| Grant date | Jul 7, 2020 |
Official abstract text for this publication.
A system and method for detecting vulnerabilities in software containers at runtime are provided. This method includes intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment; migrating the new software container from the first execution environment to the second execution environment for execution therein; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
Opening claim text (preview).
What is claimed is:
1. A method for detecting vulnerabilities in software containers at runtime, comprising: intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment, wherein the second execution environment is separated from the first execution environment, wherein the second execution environment includes a dummy software container and a detector software container, wherein the dummy software container is configured to trap an attempt to infect other software containers with a malicious code generated by the new software container; migrating the new software container from the first execution environment to the second execution environment for execution therein; intercepting, by the detector software, communications between the new software container and the dummy software container in the second execution environment; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action, wherein the monitoring further comprises determining that the at least one unauthorized action has been attempted based on the intercepted communications between the new software container and the dummy container in the second execution environment; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
2. The method of claim 1, further comprising: migrating the new software container back to the first execution environment if the at least one unauthorized action has not been detected after a predefined time interval.
3. The method of claim 1, further comprising: upon detection of the at least one unauthorized action, performing at least one mitigation action.
4. The method of claim 3, wherein the mitigation action includes at least any one of: a container identifier, a type of the detected vulnerability, a process causing the detected vulnerability.
5. The method of claim 1, wherein creating the second execution environment further comprises: instantiating a virtual machine, an operating system kernel, the dummy software container, and the detector software container.
6. The method of claim 5, wherein the first execution environment and the second execution environment are hosted in any one of: the same host device and different host devices.
7. The method of claim 1, wherein monitoring the operation of the new software container further comprises: listening to any communication between a client component and a daemon component of the new software container.
8. The method of claim 1, wherein the new software container is configured to execute a dedicated application.
9. The method of claim 1, wherein the at least one unauthorized action includes a list of actions that are likely to cause malicious activity by the new software container.
10. The method of claim 9, wherein the at least one unauthorized action includes at least any one of: accessing a virtual machine in the second execution environment, system-calling an operating system kernel in the second execution environment, accessing a dummy software container in the second execution environment, reading to or writing from a filesystem of the new software container, opening a connection port, and accessing an external network address.
11. The method of claim 1, wherein generating the detection event further comprises: reporting the detection event to a console device for informing external security systems and displaying the detection event.
12. The method of claim 1, further comprising: monitoring the operation of a software container in the first execution environment; and upon detecting an attempt to perform an unauthorized action in the first execution environment, migrating the software container to the second execution environment.
13. A non-transitory computer readable medium having stored thereon instructions for causing a processing system to execute a process for detecting vulnerabilities in software containers at runtime, the process comprising: intercepting a request to instantiate a new software container in a first execution environment; creating a second execution environment, wherein the second execution environment is separated from the first execution environment, wherein the second execution environment includes a dummy software container and a detector software container, wherein the dummy software container is configured to trap an attempt to infect other software containers with a malicious code generated by the new software container; migrating the new software container from the first execution environment to the second execution environment for execution therein; intercepting, by the detector software, communications between the new software container and the dummy software container in the second execution environment; monitoring the operation of the new software container in the second execution environment to detect at least one unauthorized action, wherein the monitoring further comprises determining that the at least one unauthorized action has been attempted based on the intercepted communications between the new software container and the dummy container in the second execution environment; and upon detection of the at least one unauthorized action, generating a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
14. A host device for detecting vulnerabilities in software containers at runtime, comprising: a processing system; and a memory, the memory containing instructions that, when executed by the processing system, configure the host device to: intercept a request to instantiate a new software container in a first execution environment; create a second execution environment, wherein the second execution environment is separated from the first execution environment, wherein the second execution environment includes a dummy software container and a detector software container, wherein the dummy software container is configured to trap an attempt to infect other software containers with a malicious code generated by the new software container; migrate the new software container from the first execution environment to the second execution environment for execution therein; intercept, by the detector software, communications between the new software container and the dummy software container in the second execution environment; monitor the operation of the new software container in the second execution environment to detect at least one unauthorized action, wherein the monitoring includes determining that the at least one unauthorized action has been attempted based on the communications between the new software container and the dummy software container in the second execution environment; and upon detection of the at least one unauthorized action, generate a detection event identifying at least a type of vulnerability associated with the detected unauthorized action.
15. The host device of claim 14, wherein the host device is further configured to: migrate the new software container back to the first execution environment if the at least one unauthorized action has not been detected after a predefined time interval.
16. The host device of claim 14, wherein the host device is further configured to: upon detection of the at least one unauthorized action, perform at least one mitigation action.
17. The host device of
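The detection flow the claims describe (a migrated container observed next to a dummy container, a detector classifying intercepted communications against the claim 10 action list, detection events carrying the claim 4 fields, and migration back after a quiet interval per claim 2) as an added Python toy model; this is example code, not the patent's or any implementation's, and the names `detect`, `Message`, the vulnerability-type labels and the sample container ids are assumptions.

```python
"""Toy model of the claimed flow (added example, not the patent's code):
a new container runs in a second execution environment next to a dummy
container; a detector intercepts their communications, classifies
unauthorized actions and decides on migration back (claims 1, 2, 4, 10)."""
from dataclasses import dataclass

# Claim 10 actions mapped to a reported vulnerability type (labels constructed).
UNAUTHORIZED_ACTIONS = {
    "access_vm": "hypervisor access",
    "kernel_syscall": "direct kernel syscall",
    "access_dummy_container": "infection of neighbouring container",
    "fs_read": "filesystem read outside the container",
    "fs_write": "filesystem write outside the container",
    "open_port": "unexpected listening port",
    "external_network": "unexpected external network access",
}

@dataclass(frozen=True)
class Message:
    src: str       # container id that issued the action
    action: str    # keyword, see UNAUTHORIZED_ACTIONS; anything else is benign
    process: str   # process inside src that issued it

@dataclass(frozen=True)
class DetectionEvent:
    container_id: str        # claim 4: container identifier,
    vulnerability_type: str  # type of vulnerability,
    process: str             # and the process causing it

def detect(messages, new_id, elapsed, interval):
    """Return (events, placement). Only traffic originating from the new
    container is attributed to it. placement is 'first_env' once the
    predefined interval elapsed with no detection, else 'second_env'."""
    events = [
        DetectionEvent(new_id, UNAUTHORIZED_ACTIONS[m.action], m.process)
        for m in messages
        if m.src == new_id and m.action in UNAUTHORIZED_ACTIONS
    ]
    placement = "first_env" if not events and elapsed >= interval else "second_env"
    return events, placement

# Constructed sample traffic: 'dummy-1' is the dummy, 'app-42' the observed container.
SAMPLE = [
    Message("app-42", "http_get", "nginx"),
    Message("dummy-1", "fs_write", "cron"),  # dummy's own activity, not attributed
    Message("app-42", "access_dummy_container", "sh"),
    Message("app-42", "external_network", "curl"),
]
```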
CPC classification titles:
- by executing in a restricted environment, e.g. sandbox or secure virtual machine
- by virus signature recognition
- at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
- involving event detection and direct action
- Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities