Successfully reported this slideshow.

Technical Lag in Docker Containers

0

Share

Jun. 25, 2019
0 likes 24 views
Upcoming SlideShare
On the Relation between Outdated Docker Containers, Severity Vulnerabilities,...
On the Relation between Outdated Docker Containers, Severity Vulnerabilities,...
Loading in …3
×
1 of 27
1 of 27

Technical Lag in Docker Containers

Jun. 25, 2019
0 likes 24 views

0

Share

Download to read offline

Science

This presentation was given in Benevol 2018 in Delft

This presentation was given in Benevol 2018 in Delft

Science

Recommended

More Related Content

More from Ahmed Zerouali

Technical Lag in Software Ecosystems
Ahmed Zerouali
On the Diversity of Software Package Popularity Metrics: An Empirical Study o...
Ahmed Zerouali
ConPan: A Tool to Analyze Packages in Software Containers
Ahmed Zerouali
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Ahmed Zerouali
An Empirical Comparison of the Development History of CloudStack and Eucalyptus
Ahmed Zerouali
Analyzing the Evolution of Testing Library Usage in Open Source Java Projects
Ahmed Zerouali
Icsr2018
Ahmed Zerouali

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The First Shots: The Epic Rivalries and Heroic Science Behind the Race to the Coronavirus Vaccine Brendan Borrell
(3/5)
Free
Graceland, At Last: Notes on Hope and Heartache From the American South Margaret Renkl
(4/5)
Free
Committed: Dispatches from a Psychiatrist in Training Adam Stern
(5/5)
Free
The Secret Life of Fungi Aliya Whiteley
(4/5)
Free
Boundaries Workbook: When to Say Yes, How to Say No to Take Control of Your Life Henry Cloud
(4/5)
Free
Sapiens: A Brief History of Humankind Yuval Noah Harari
(4.5/5)
Free
The Highly Sensitive Person Elaine Aron
(4/5)
Free
Braiding Sweetgrass: Indigenous Wisdom, Scientific Knowledge and the Teachings of Plants Robin Wall Kimmerer
(4.5/5)
Free
Cradle to Cradle: Remaking the Way We Make Things William McDonough
(4.5/5)
Free
Brain on Fire: My Month of Madness Susannah Cahalan
(4.5/5)
Free
Lost Connections: Uncovering the Real Causes of Depression – and the Unexpected Solutions Johann Hari
(4.5/5)
Free
Junky: The Definitive Text of "Junk" William S. Burroughs
(4/5)
Free
Maybe You Should Talk to Someone: A Therapist, HER Therapist, and Our Lives Revealed Lori Gottlieb
(4.5/5)
Free
Changes That Heal: Four Practical Steps to a Happier, Healthier You Henry Cloud
(4/5)
Free
Homo Deus: A Brief History of Tomorrow Yuval Noah Harari
(4.5/5)
Free
Hidden Figures: The American Dream and the Untold Story of the Black Women Mathematicians Who Helped Win the Space Race Margot Lee Shetterly
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Mind and the Moon: My Brother’s Story, the Science of Our Brains, and the Search for Our Psyches Findaway
(0/5)
Free
The Book of Hope: A Survival Guide for Trying Times Jane Goodall
(4.5/5)
Free
The Genome Defense: Inside the Epic Legal Battle to Determine Who Owns Your DNA Jorge L. Contreras
(4.5/5)
Free
Reef Life: An Underwater Memoir Callum Roberts
(4.5/5)
Free
Spare Parts: The Story of Medicine Through the History of Transplant Surgery Paul Craddock
(0/5)
Free
The Way of Imagination Scott Russell Sanders
(4/5)
Free
Why Sharks Matter: A Deep Dive with the World's Most Misunderstood Predator David Shiffman
(0/5)
Free
Empire of the Scalpel: The History of Surgery Ira Rutkow M.D.
(4.5/5)
Free
The Expectation Effect: How Your Mindset Can Change Your World David Robson
(4.5/5)
Free
Journey to the Edge of Reason: The Life of Kurt Gödel Stephen Budiansky
(4.5/5)
Free
End of Bias, The: A Beginning: The Science and Practice of Overcoming Unconscious Bias Jessica Nordell
(3.5/5)
Free
Venom Doc: The Edgiest, Darkest, Strangest Natural History Memoir Ever Bryan G. Fry
(5/5)
Free
Every Deep-Drawn Breath: A Critical Care Doctor on Healing, Recovery, and Transforming Medicine in the ICU Dr Wes Ely
(5/5)
Free
Uncontrolled Spread: Why COVID-19 Crushed Us and How We Can Defeat the Next Pandemic Scott Gottlieb
(4/5)
Free
Of Sound Mind: How Our Brain Constructs a Meaningful Sonic World Nina Kraus
(4.5/5)
Free
Pump: A Natural History of the Heart Bill Schutt
(3.5/5)
Free

Technical Lag in Docker Containers

  1. 1. Analyzing Technical Lag in Docker Images Work in Progress Ahmed Zerouali, Tom Mens, Gregorio Robles and Jesus M. Gonzalez-Barahona The 17th Belgium-Netherlands Software Evolution Workshop December 10-11, 2018 - Delft
  2. 2. /background
  3. 3. /previous work - Cox J, et al. Measuring dependency freshness in software systems. International Conference Software Engineering 2015 (pp. 109-118). IEEE - Kula RG, et al. Do developers update their library dependencies? Empirical Software Engineering. 2018; 23(1):384-417. Elsevier - Zerouali A, et al. An empirical analysis of technical lag in npm package dependencies. International Conference on Software Reuse 2018 (pp. 95-110). Springer
  4. 4. “A lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings.” Docker, inc. /What is a Docker container?
  5. 5. Isolation Portability Reusability /What is a Docker container?
  6. 6. /DockerHub
  7. 7. /DockerHub:node Usage: $ docker pull node:<tag> For example: $ docker pull node:8-jessie $ docker pull node:8-alpine
  8. 8. /Method: Focus * Alpine is a minimal image (8MB in size) based on the security-oriented, lightweight Alpine Linux distribution.
  9. 9. /Method: Data Extraction 1) Image identifications: 2,253 images out of 12,840 official images (i.e., 17.5%), coming from 42 official repositories. 2) Extracted installed packages: 82,949 package versions. 3) Tracked packages in the package manager: 63,581 package versions (23% missing)
  10. 10. /Method: Technical lag Technical lag*: the difference between deployed software packages and the latest available packages. (*) Gonzalez-Barahona, et al. "Technical Lag in Software Compilations: Measuring How Outdated a Software Deployment Is." IFIP International Conference on Open Source Systems. Springer, 2017. 1.0.1 1.2.0 2.0.12.0.0 2.1.0 Technical lag Deployed latest Available Dependency
  11. 11. - Measurement = ? /Method: Technical lag RQ: How can we quantify technical lag induced by packages in Docker images?
  12. 12. /Method: Technical lag Package level: package time lag: time difference. package version lag: version difference.
  13. 13. /Method: Technical lag 1.0.1 1.2.0 2.0.12.0.0 2.1.0 Technical lag Deployed latest Available Dependency package time lag = date(2.1.0) - date(1.2.0) package version lag = 3 versions 1 2 3
  14. 14. /Package level /time lag - All images have outdated packages. - Time lag is related to the Alpine version.
  15. 15. /Package level /version lag Last updated images have packages with less version lag.
  16. 16. /Package level - After one month: Updated images, updated only 2.9% of their installed packages. - Most of the updates happened for : openssl, libcrypto1.0, libssl1.0
  17. 17. /Technical lag impact Image level: Image lag impact: number of packages with non-zero technical lag.
  18. 18. /image level /lag impact Number of outdated packages in Docker images is increasing over time.
  19. 19. /Limitations - There are other measurements, e.g. repository lag impact. - We relied only on Alpine packages. - 23% of packages are missed. - We did not consider community Docker images.
  20. 20. /Conclusion Technical lag can be used to assess the health of Docker images and their repositories.
  21. 21. /Future work - Study packages coming from different package managers. - Consider other aspects of technical lag: security, bugs, etc. - Create models to recommend updates to container deployers.
  22. 22. Thank you
  23. 23. More information about how to calculate technical lag when package version make use of constraints (npm) . . . /
  24. 24. /method /technical lag 1.0.1 1.2.0 2.0.1 3.6.0 4.1.04.0.0 5.0.0 2.0.0 2.1.0 npm package: P dependency: D ^1.0.0 Technical lag * ^1.0.0 ^2.0.0 ^1.0.0 = [ 1.0.0, 2.0.0 [ allowed
  25. 25. /method /technical lag 1.0.1 1.2.0 2.0.1 3.6.0 4.1.04.0.0 5.0.0 2.0.0 2.1.0 npm package: P dependency: D ^1.0.0 Technical lag * ^1.0.0 ^2.0.0 allowed ^1.0.0 = [ 1.0.0, 2.0.0 [
  26. 26. /method /technical lag 1.0.1 1.2.0 2.0.1 3.6.0 4.1.04.0.0 5.0.0 2.0.0 2.1.0 npm package: P dependency: D ^1.0.0 Technical lag = 0 * ^1.0.0 ^2.0.0 allowed ^1.0.0 = [ 1.0.0, 2.0.0 [
  27. 27. /repository lag impact

×