Technical Lag in Docker Containers

  1. Analyzing Technical Lag in Docker Images (work in progress). Ahmed Zerouali, Tom Mens, Gregorio Robles and Jesus M. Gonzalez-Barahona. The 17th Belgium-Netherlands Software Evolution Workshop, December 10-11, 2018, Delft.
  2. /background
  3. /previous work
     - Cox J, et al. Measuring dependency freshness in software systems. International Conference on Software Engineering 2015 (pp. 109-118). IEEE.
     - Kula RG, et al. Do developers update their library dependencies? Empirical Software Engineering. 2018; 23(1):384-417. Springer.
     - Zerouali A, et al. An empirical analysis of technical lag in npm package dependencies. International Conference on Software Reuse 2018 (pp. 95-110). Springer.
  4. /What is a Docker container? "A lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings." (Docker, Inc.)
  5. /What is a Docker container? Isolation, portability, reusability.
  6. /DockerHub
  7. /DockerHub: node. Usage: $ docker pull node:<tag>. For example: $ docker pull node:8-jessie or $ docker pull node:8-alpine.
  8. /Method: Focus. The study focuses on Alpine-based images. (*) Alpine is a minimal image (8 MB in size) based on the security-oriented, lightweight Alpine Linux distribution.
  9. /Method: Data extraction. 1) Image identification: 2,253 images out of 12,840 official images (i.e., 17.5%), coming from 42 official repositories. 2) Extracted installed packages: 82,949 package versions. 3) Tracked packages in the package manager: 63,581 package versions (23% missing).
  10. /Method: Technical lag. Technical lag*: the difference between deployed software packages and the latest available packages. (*) Gonzalez-Barahona, et al. "Technical Lag in Software Compilations: Measuring How Outdated a Software Deployment Is." IFIP International Conference on Open Source Systems. Springer, 2017. [Figure: release history of a dependency (1.0.1, 1.2.0, 2.0.0, 2.0.1, 2.1.0); the deployed version is 1.2.0, the latest available is 2.1.0, and the technical lag is the gap between them.]
  11. /Method: Technical lag. RQ: How can we quantify technical lag induced by packages in Docker images? Measurement = ?
  12. /Method: Technical lag. Package level: package time lag (the time difference between the deployed version and the latest available version) and package version lag (the number of versions between them).
  13. /Method: Technical lag. [Same figure as slide 10.] For deployed version 1.2.0 and latest available version 2.1.0: package time lag = date(2.1.0) - date(1.2.0); package version lag = 3 versions (2.0.0, 2.0.1 and 2.1.0 were released after 1.2.0).
  14. /Package level /time lag. All images have outdated packages. Time lag is related to the Alpine version.
  15. /Package level /version lag. Recently updated images have packages with less version lag.
  16. /Package level. After one month, the images that were updated had refreshed only 2.9% of their installed packages. Most of the updates were to openssl, libcrypto1.0 and libssl1.0 (the OpenSSL packages).
  17. /Technical lag impact. Image level: image lag impact = number of installed packages with non-zero technical lag.
  18. /image level /lag impact. The number of outdated packages in Docker images increases over time.
  19. /Limitations. There are other measurements, e.g., repository lag impact. We relied only on Alpine packages. 23% of the extracted package versions could not be tracked in the package manager. We did not consider community Docker images.
  20. /Conclusion. Technical lag can be used to assess the health of Docker images and their repositories.
  21. /Future work. Study packages coming from different package managers. Consider other aspects of technical lag: security, bugs, etc. Create models to recommend updates to container deployers.
  22. Thank you.
  23. Backup: how to calculate technical lag when package versions are subject to dependency constraints (npm).
  24. /method /technical lag. [Figure: npm package P depends on D with constraint ^1.0.0; release history of D: 1.0.1, 1.2.0, 2.0.0, 2.0.1, 2.1.0, 3.6.0, 4.0.0, 4.1.0, 5.0.0; the constraints ^1.0.0 and ^2.0.0 are marked, and (*) marks the technical lag.]
  25. /method /technical lag. The constraint restricts the allowed range: ^1.0.0 = [1.0.0, 2.0.0[ allowed. [Same figure as slide 24.]
  26. /method /technical lag. When the installed version of D is the highest release inside the allowed range [1.0.0, 2.0.0[, the technical lag with respect to the constraint is 0, even though newer releases (2.0.0 and above) exist outside the range. [Same figure as slide 24.]
  27. /repository lag impact
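As an added worked example (this is not the authors' tooling; the package names libfoo and libbar, their release dates and the installed-package set are constructed), the following Python computes the package-level measures of slides 12-13 (version lag and time lag), the image lag impact of slide 17, and the constraint-aware variant of slides 24-26 for npm caret ranges. The release sequence of libfoo mirrors the figure on slides 10 and 13 (deployed 1.2.0, latest 2.1.0).

```python
"""Technical lag of deployed packages: version lag, time lag, image lag impact,
and the constraint-aware variant for npm caret ranges.

Added example, not the authors' tooling. Package names, release histories
and the installed-package set below are constructed for illustration.
"""
import re
from datetime import date

# Constructed release history for a hypothetical package "libfoo"; the version
# sequence mirrors the figure on slides 10 and 13 (deployed 1.2.0, latest 2.1.0).
LIBFOO = {
    "1.0.1": date(2017, 1, 10),
    "1.2.0": date(2017, 3, 5),
    "2.0.0": date(2017, 9, 1),
    "2.0.1": date(2017, 9, 20),
    "2.1.0": date(2018, 2, 14),
}
# Second constructed package that is fully up to date in the sample image.
LIBBAR = {"3.0.0": date(2017, 6, 1), "3.0.1-r1": date(2017, 12, 1)}
HISTORIES = {"libfoo": LIBFOO, "libbar": LIBBAR}

# Constructed "installed packages" of one sample image (name -> deployed version).
IMAGE = {"libfoo": "1.2.0", "libbar": "3.0.1-r1"}


def parse_version(v):
    """Turn 'X.Y.Z' or Alpine-style 'X.Y.Z-rN' into a comparable tuple.
    Real Alpine/npm version strings have more forms (letters, pre-releases);
    a production tool should use the package manager's own comparison rules."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-r(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    major, minor, patch, rev = m.groups()
    return (int(major), int(minor), int(patch), int(rev or 0))


def latest(history, allowed=None):
    """Newest release in `history`, optionally restricted to versions for
    which `allowed(version)` is true (the dependency constraint)."""
    candidates = [v for v in history if allowed is None or allowed(v)]
    if not candidates:
        raise ValueError("no release satisfies the constraint")
    return max(candidates, key=parse_version)


def version_lag(deployed, history, allowed=None):
    """Slides 12-13: number of releases newer than the deployed one, counting
    only up to the newest allowed release (3 for libfoo 1.2.0, no constraint)."""
    low = parse_version(deployed)
    high = parse_version(latest(history, allowed))
    return sum(1 for v in history if low < parse_version(v) <= high)


def time_lag(deployed, history, allowed=None):
    """Slides 12-13: days between the deployed release and the newest allowed
    release; 0 when the deployed version is already the newest."""
    return (history[latest(history, allowed)] - history[deployed]).days


def caret(constraint):
    """npm '^X.Y.Z' with X > 0 allows [X.Y.Z, (X+1).0.0[ (slide 25).
    '^0.y.z' ranges pin the minor version instead and are rejected here."""
    base = parse_version(constraint.lstrip("^"))
    if base[0] == 0:
        raise ValueError("^0.y.z ranges are not handled in this example")
    upper = (base[0] + 1, 0, 0, 0)
    return lambda v: base <= parse_version(v) < upper


def image_lag_impact(installed, histories):
    """Slide 17: number of installed packages with non-zero technical lag."""
    return sum(
        1 for pkg, ver in installed.items()
        if version_lag(ver, histories[pkg]) > 0
    )


if __name__ == "__main__":
    print("libfoo 1.2.0: version lag", version_lag("1.2.0", LIBFOO),
          "time lag (days)", time_lag("1.2.0", LIBFOO))
    print("libfoo 1.2.0 under ^1.0.0: version lag",
          version_lag("1.2.0", LIBFOO, caret("^1.0.0")))
    print("image lag impact:", image_lag_impact(IMAGE, HISTORIES))
```

Without a constraint, libfoo 1.2.0 has a version lag of 3 and a time lag of 346 days; under the npm constraint ^1.0.0 the same deployment has lag 0, because 1.2.0 is the highest release the range [1.0.0, 2.0.0[ admits, which is the situation of slide 26. For a real image, the installed-package list replacing IMAGE comes from the image's package manager (for Alpine, apk info -v lists installed package versions) and the release histories from the distribution's package index; packages absent from that index are the 23% the slides report as missing and cannot be scored.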