The use of container technology has skyrocketed during the last few years, with Docker as the leading container platform. Docker's online repository for publicly available container images, called Docker Hub, hosts over 3.5 million images at the time of writing, making it the world's largest community of container images. We perform an extensive vulnerability analysis of 2500 Docker images. This type of analysis is of particular interest because the vulnerability landscape changes rapidly: vulnerability scanners are constantly developed and updated, new vulnerabilities are discovered, and the volume of images on Docker Hub increases every day. Our main findings reveal that (1) the number of newly introduced vulnerabilities on Docker Hub is rapidly increasing; (2) certified images are the most vulnerable; (3) official images are the least vulnerable; (4) there is no correlation between the number of vulnerabilities and image features (i.e., number of pulls, number of stars, and days since the last update); (5) the most severe vulnerabilities originate from two of the most popular scripting languages, JavaScript and Python; and (6) Python 2.x packages and jackson-databind packages contain the highest number of severe vulnerabilities. We perceive our study as the most extensive vulnerability analysis published in the open literature in the last couple of years.
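Finding (4) above rests on correlating per-image vulnerability counts with the image features Docker Hub exposes (pulls, stars, days since the last update). The following is an added example, not code from the paper, showing how such a check is carried out over scan results: severity tallies per image are reduced to a count (optionally restricted to a set of severities) and compared with a feature via Spearman rank correlation, which is the usual choice here because pull counts and star counts are heavily skewed and a linear (Pearson) coefficient would be dominated by the few very popular images. The six images, their metadata and their severity counts are constructed for illustration; the image names, the `SEVERITY_COUNTS`/`IMAGE_METADATA` layout and the function names are assumptions, not the paper's data or tooling.

```python
"""Rank-correlate per-image vulnerability counts with Docker Hub image features.

Added example with constructed data; the image names and numbers below are
invented and do not come from the study.
"""
import math
from typing import Dict, List, Optional, Sequence

# Constructed per-image severity tallies, as a scanner report would be
# aggregated after scanning each image (counts per severity level).
SEVERITY_COUNTS: Dict[str, Dict[str, int]] = {
    "example/web:1.0":    {"CRITICAL": 2, "HIGH": 8,  "MEDIUM": 20, "LOW": 10},
    "example/api:2.3":    {"CRITICAL": 0, "HIGH": 1,  "MEDIUM": 3,  "LOW": 1},
    "example/legacy:0.9": {"CRITICAL": 5, "HIGH": 15, "MEDIUM": 30, "LOW": 10},
    "example/cli:4.1":    {"CRITICAL": 1, "HIGH": 3,  "MEDIUM": 6,  "LOW": 2},
    "example/batch:1.7":  {"CRITICAL": 3, "HIGH": 10, "MEDIUM": 15, "LOW": 5},
    "example/tool:0.2":   {"CRITICAL": 1, "HIGH": 5,  "MEDIUM": 10, "LOW": 5},
}

# Constructed Docker Hub metadata for the same images: the three features
# the abstract names (pulls, stars, days since the last update).
IMAGE_METADATA: Dict[str, Dict[str, int]] = {
    "example/web:1.0":    {"pulls": 5_000_000, "stars": 900, "days_since_update": 3},
    "example/api:2.3":    {"pulls": 2_000_000, "stars": 400, "days_since_update": 30},
    "example/legacy:0.9": {"pulls": 800_000,   "stars": 120, "days_since_update": 200},
    "example/cli:4.1":    {"pulls": 300_000,   "stars": 50,  "days_since_update": 7},
    "example/batch:1.7":  {"pulls": 50_000,    "stars": 10,  "days_since_update": 400},
    "example/tool:0.2":   {"pulls": 2_000,     "stars": 0,   "days_since_update": 90},
}


def vulnerability_count(image: str, severities: Optional[Sequence[str]] = None) -> int:
    """Total vulnerabilities for an image, optionally restricted to some severities."""
    counts = SEVERITY_COUNTS[image]
    chosen = counts.keys() if severities is None else severities
    return sum(counts.get(s, 0) for s in chosen)


def average_ranks(values: Sequence[float]) -> List[float]:
    """1-based ranks; tied values share the average of the ranks they span."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        avg = (i + j + 2) / 2  # mean of the 1-based positions i+1 .. j+1
        for k in range(i, j + 1):
            ranks[order[k]] = avg
        i = j + 1
    return ranks


def spearman(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Spearman's rho: Pearson correlation computed on tie-aware ranks."""
    if len(xs) != len(ys) or len(xs) < 2:
        raise ValueError("need two equally long samples of at least two points")
    rx, ry = average_ranks(xs), average_ranks(ys)
    n = len(rx)
    mx, my = sum(rx) / n, sum(ry) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx)
    vy = sum((b - my) ** 2 for b in ry)
    if vx == 0 or vy == 0:
        raise ValueError("constant sample has no rank correlation")
    return cov / math.sqrt(vx * vy)


def correlate_feature(feature: str, severities: Optional[Sequence[str]] = None) -> float:
    """Rank correlation between one image feature and the vulnerability count.

    Returns a value in [-1, 1]; values near 0 mean the feature tells you
    nothing about how vulnerable an image is."""
    images = sorted(IMAGE_METADATA)  # fixed order so the two samples line up
    xs = [IMAGE_METADATA[img][feature] for img in images]
    ys = [vulnerability_count(img, severities) for img in images]
    return spearman(xs, ys)


if __name__ == "__main__":
    for feature in ("pulls", "stars", "days_since_update"):
        rho_all = correlate_feature(feature)
        rho_crit = correlate_feature(feature, ("CRITICAL", "HIGH"))
        print(f"{feature:18s} rho(all)={rho_all:+.3f} rho(critical+high)={rho_crit:+.3f}")
```

With the constructed data the coefficients come out close to zero, which is the shape of result finding (4) reports; on real data one would also report a p-value or confidence interval, since a near-zero rho over a handful of images says little on its own, and would repeat the check per image category (official, certified, community) because the abstract's findings (2) and (3) show those groups differ in baseline vulnerability.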