Vulnerability Analysis of 2500 Docker Hub Images
Katrine Wist, Malene Helsem, Danilo Gligoroski

TL;DR
This paper conducts an extensive vulnerability analysis of 2500 Docker images from Docker Hub, revealing rapid growth in vulnerabilities and differences among image types, and identifying the most vulnerable languages and packages.
Contribution
It provides the most comprehensive recent vulnerability analysis of Docker images, highlighting key patterns and risks in container security.
Findings
The number of newly introduced vulnerabilities on Docker Hub is rising rapidly.
Certified images are the most vulnerable and official images the least vulnerable.
Python and JavaScript packages contain the most severe vulnerabilities.
Abstract
The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker's online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world's largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. It is of particular interest to perform this type of analysis because the vulnerability landscape is a rapidly changing category, the vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub is increasing every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable;…
Taxonomy
Topics: Distributed systems and fault tolerance · Software System Performance and Reliability · Age of Information Optimization
