Docker Developers Get Poor Security Grades

The developer community may be reeling from the recent exposure of 190 million Docker Hub accounts, but it isn't just Docker's account access that they should be worried about. A report issued earlier this month revealed that developers need to be more rigorous when developing and using Docker containers.

The report, released by open source and container vulnerability scanning company Snyk, found many vulnerabilities in Docker images and the base images used to create them. The company scanned Docker Hub, which is a repository for Docker images that developers can use in their own projects.

Snyk found that vulnerabilities are widespread for Docker containers, even among those that Docker certifies as more secure in Docker Hub. The top 10 official Docker images with more than 10 million downloads each contain at least 30 vulnerabilities, according to the report. And of the top 10 most popular free certified images, 50% have known vulnerabilities.

The reuse of Docker images compounds the problem, warns the report. “Docker images are largely built on top of other images, meaning a vulnerability in one image is also present in all the images that utilize it,” it said.

Many of these vulnerabilities could have been fixed, said the report. 44% of Docker images had known vulnerabilities for which there were newer and more secure base images available. 

The problem lies with developers. Fewer than one in five scan their Docker images for bugs during development, and only half of all developers do it at all, according to Snyk. The company took this data from its survey of over 500 open source maintainers.
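The two findings above, that fixes were often already available and that few developers scan during development, translate into a simple CI gate: scan the image, then fail the build when a blocking finding has a fix or a newer base image is recommended. The following is an added example, not code from Snyk or from the report; the report shape it parses is a constructed, simplified one (a list of findings with a severity and an optional fixed version, plus a base-image recommendation), not the real scanner's JSON schema, and the image names and vulnerability IDs are placeholders.

```python
"""Policy gate over container image scan output (added example, not Snyk's code).

Assumed, constructed report shape:
  {"image": ..., "baseImage": ...,
   "baseImageRemediation": {"recommended": ...} | null,
   "vulnerabilities": [{"id", "package", "severity", "fixedIn"}, ...]}
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample scan output; IDs, packages and versions are illustrative.
SAMPLE_REPORT = json.dumps({
    "image": "registry.example.invalid/app:1.0",
    "baseImage": "example-base:old",
    "baseImageRemediation": {"recommended": "example-base:newer-slim"},
    "vulnerabilities": [
        {"id": "EXAMPLE-VULN-1", "package": "libone",   "severity": "high",     "fixedIn": "1.2.3"},
        {"id": "EXAMPLE-VULN-2", "package": "libtwo",   "severity": "medium",   "fixedIn": None},
        {"id": "EXAMPLE-VULN-3", "package": "libthree", "severity": "critical", "fixedIn": None},
    ],
})


@dataclass
class GateResult:
    passed: bool
    # Blocking findings that already have a fixed package version available.
    fixable_blocking: List[str] = field(default_factory=list)
    # Blocking findings with no fix yet; reported for tracking, they do not fail the gate alone.
    unfixable_blocking: List[str] = field(default_factory=list)
    # Newer base image the scanner recommends, if any.
    base_image_upgrade: Optional[str] = None


def evaluate(report_json: str, min_severity: str = "high") -> GateResult:
    """Apply the gate policy: fail when a fixable finding at or above
    min_severity exists, or when a newer base image is recommended."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_severity]
    result = GateResult(passed=True)

    for finding in report.get("vulnerabilities", []):
        rank = SEVERITY_RANK.get(str(finding.get("severity", "")).lower(), 0)
        if rank < threshold:
            continue  # below the blocking threshold; not part of the gate
        if finding.get("fixedIn"):
            result.fixable_blocking.append(finding["id"])
        else:
            result.unfixable_blocking.append(finding["id"])

    remediation = report.get("baseImageRemediation") or {}
    result.base_image_upgrade = remediation.get("recommended")

    # Both conditions mirror the report's point: the problem was already fixable.
    result.passed = not result.fixable_blocking and result.base_image_upgrade is None
    return result


def summarize(result: GateResult) -> str:
    """Human-readable one-liner suitable for a CI log."""
    status = "PASS" if result.passed else "FAIL"
    parts = [f"{status}: {len(result.fixable_blocking)} fixable blocking finding(s)",
             f"{len(result.unfixable_blocking)} unfixable blocking finding(s)"]
    if result.base_image_upgrade:
        parts.append(f"newer base image available: {result.base_image_upgrade}")
    return "; ".join(parts)


if __name__ == "__main__":
    outcome = evaluate(SAMPLE_REPORT)
    print(summarize(outcome))
    raise SystemExit(0 if outcome.passed else 1)
```

In a real pipeline the JSON would come from the scanner's machine-readable output rather than the embedded sample, and the severity threshold would be set per environment; unfixable findings are deliberately surfaced without blocking so that the gate stays actionable for the developer.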

Docker is a popular technology for creating, running, and managing containers. These are tiny software packages that contain a small application along with the software assets it needs to run, such as program libraries and environment variables. Companies might use thousands of containers, each containing its own app, and some duplicating each other for resilience. 

Unlike a virtual machine, which contains an entire operating system, containers share a single underlying OS kernel between them. This makes them inherently less secure than VMs, because compromising the underlying kernel could damage the containers. Compromising a container could also affect the underlying kernel, and therefore the other containers that share it.

The topic of Cloud Security will be covered throughout the free-to-attend conference at Infosecurity Europe in London from 4-6 June. See all the talks on Cloud Security here. Infosecurity Europe is the leading European event for information and cyber security; find out more and secure your free visitor badge.
