A Large-scale Data Set and an Empirical Study of Docker Images Hosted on Docker Hub

Lin, Changyuan; Nadi, Sarah; Khazaei, Hamzeh

doi:10.1109/icsme46990.2020.00043

Cited by 18 publications

(14 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…• Discovering that 7.99% of Dockerfiles exist in more than one distinct repository • Most repositories overall contain up to 6 Dockerfiles • Confirmation of previous findings such as JavaScript being the most popular language of projects that contain Dockerfiles [5], [6] (2016, 2020) and RUN being the most popular Dockerfile instruction [5] II. PREVIOUS WORK In previous work, large collections of Dockerfiles have been mined from Github and Docker Hub to better understand Docker use in repositories and to gather insights on popularity, quality, and possible ways to improve Docker usage.…”

Section: Introductionsupporting

confidence: 61%

“…• "RUN" is by far the most popular instruction and often used to manage dependencies [5] (2016) • Dockerfiles are not changed often [5] (2016) • Most Dockerfiles use heavy-weight operating systems as a base image [5] (2016) which contrasts with most Dockerfiles using ready-to-use and application base images [6] (2020) • The biggest Dockerfile quality issues are the lack of version pinning [5], [6] (2016, 2020), newer and popular projects have less code smells [7] (2020), and there is a declining trend over the years in Dockerfile smells [6] (2020) Our intent to replicate previous studies mining large Dockerfile collections leads to the following research questions: RQ1. How are instructions and base images used in Dockerfiles over time?…”

Section: B Replicating Previous Findingsmentioning

confidence: 99%

“…Mining Docker Hub: Lin et al [6] (2020) scraped Docker Hub and its related GitHub and Bitbucket repositories retrieving 434,304 Dockerfiles up until May 2020. They sought to better understand the Docker ecosystem through Docker Hub.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Revisiting Dockerfiles in Open Source Software Over Time

Eng

Hindle

2021

2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

Docker is becoming ubiquitous with containerization for developing and deploying applications. Previous studies have analyzed Dockerfiles that are used to create container images in order to better understand how to improve Docker tooling. These studies obtain Dockerfiles using either Docker Hub or Github. In this paper, we revisit the findings of previous studies using the largest set of Dockerfiles known to date with over 9.4 million unique Dockerfiles found in the World of Code infrastructure spanning from 2013-2020. We contribute a historical view of the Dockerfile format by analyzing the Docker engine changelogs and use the history to enhance our analysis of Dockerfiles. We also reconfirm previous findings of a downward trend in using OS images and an upward trend of using language images. As well, we reconfirm that Dockerfile smell counts are slightly decreasing meaning that Dockerfile authors are likely getting better at following best practices. Based on these findings, it indicates that previous analyses from prior works have been correct in many of their findings and their suggestions to build better tools for Docker image creation are further substantiated.

show abstract

Section: Introductionsupporting

confidence: 61%

Section: B Replicating Previous Findingsmentioning

confidence: 99%

See 1 more Smart Citation

Revisiting Dockerfiles in Open Source Software Over Time

Eng

Hindle

2021

2021 IEEE/ACM 18th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

show abstract

“…Despite the differences in failures rates, these studies corroborate our finding that build failures are prevalent. Lin et al [35] analyzed patterns (i.e., good and bad practices) in Dockerfiles. Among various observations, they found that many Dockerfiles use obsolete OS images, which can pose security risks (because attackers could exploit documented vulnerabilities) and incorrectly use the latest tag.…”

Section: Empirical Studies On Docker (And Devops)mentioning

confidence: 99%

Shipwright: A Human-in-the-Loop System for Dockerfile Repair

Henkel

Silva

Teixeira

et al. 2021

2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Docker is a tool for lightweight OS-level virtualization. Docker images are created by performing a build, controlled by a source-level artifact called a Dockerfile. We studied Dockerfiles on GitHub, and-to our great surprisefound that over a quarter of the examined Dockerfiles failed to build (and thus to produce images). To address this problem, we propose Sh i p w r i g h t , a human-in-the-loop system for finding repairs to broken Dockerfiles. Sh i p w r i g h t uses a modified version of the BERT language model to embed build logs and to cluster broken Dockerfiles. Using these clusters and a searchbased procedure, we were able to design 13 rules for making automated repairs to Dockerfiles. With the aid of Sh i p w r i g h t , we submitted 45 pull requests (with a 42.2% acceptance rate) to GitHub projects with broken Dockerfiles. Furthermore, in a "time-travel" analysis of broken Dockerfiles that were later fixed, we found that S h i p w r i g h t proposed repairs that were equivalent to human-authored patches in 22.77% of the cases we studied. Finally, we compared our work with recent, state-of-theart, static Dockerfile analyses, and found that, while static tools detected possible build-failure-inducing issues in 20.6-33.8% of the files we examined, Sh i p w r i g h t was able to detect possible issues in 73.25% of the files and, additionally, provide automated repairs for 18.9% of the files.

show abstract

“…Comprovando a incidência de vulnerabilidade em imagens Docker, inclusive no próprio Docker Hub, Lin [Lin et al 2020] analisaram 3.364.529 imagens, cobrindo 98,38% das imagens. Os autores constataram um alto índice de imagens com vulnerabilidades.…”

Section: Trabalhos Relacionadosunclassified

Segurança em imagens Docker: um estudo de ferramentas de análise estática

Fialho

Bordim

2021

Anais Do XXVI Workshop De Gerência E Operação De Redes E Serviços (WGRS 2021)

View full text Add to dashboard Cite

O uso da tecnologia de contêineres experimentou uma adoção massiva nosúltimos anos sendo o Docker uma das tecnologias mais utilizadas. O Docker usa o conceito de imagens, que as armazena de forma hierárquica para melhorar a reutilização. Apesar de seus benefícios, as imagens podem apresentar vulnerabilidades de segurança. Quando não tratadas, essas aplicações podem ter riscos em potencial. Embora existam várias ferramentas de análise estática para identificar vulnerabilidades em imagens, suas vantagens e deficiências não são claras, o que torna a tarefa de selecionar uma ferramenta adequada bastante desafiadora. Este trabalho avalia o desempenho de quatro soluções populares na literatura: Anchore Grype, Clair, Dagda e Snyk. A avaliação considera sua capacidade de identificar vulnerabilidades e usabilidade. Usando um conjunto de vulnerabilidades conhecidas nas imagens como linha de base (controle), as ferramentas são comparadas entre si. Os resultados mostram que Anchore Grype obteve o melhor resultado entre as ferramentas avaliadas com uma taxa de identificação (TIV) de 23% das vulnerabilidades do controle utilizado. Entre as ferramentas, Anchore Grype encontrou duas vezes mais vulnerabilidades do que a segunda melhor alternativa.

show abstract

A Large-scale Data Set and an Empirical Study of Docker Images Hosted on Docker Hub

Cited by 18 publications

References 16 publications

Revisiting Dockerfiles in Open Source Software Over Time

Revisiting Dockerfiles in Open Source Software Over Time

Shipwright: A Human-in-the-Loop System for Dockerfile Repair

Segurança em imagens Docker: um estudo de ferramentas de análise estática

Contact Info

Product

Resources

About