A Study of Security Vulnerabilities on Docker Hub

Docker containers have recently become a popular approach
to provision multiple applications over shared physical hosts
in a more lightweight fashion than traditional virtual machines.
This popularity has led to the creation of the Docker
Hub registry, which distributes a large number of official and
community images. In this paper, we study the state of security
vulnerabilities in Docker Hub images. We create a
scalable Docker image vulnerability analysis (DIVA) framework
that automatically discovers, downloads, and analyzes
both official and community images on Docker Hub. Using
our framework, we have studied 356,218 images and made
the following findings: (1) both official and community images
contain more than 180 vulnerabilities on average when
considering all versions; (2) many images have not been updated
for hundreds of days; and (3) vulnerabilities commonly
propagate from parent images to child images. These findings
demonstrate a strong need for more automated and
systematic methods of applying security updates to Docker
images, and our current Docker image analysis framework
provides a good foundation for such automatic security updates.

Source: http://delivery.acm.org/10.1145/3030000/3029832/p269-shu.pdf?ip=

