The platform provider Sysdig, which focuses on Secure DevOps, has presented its annual “Container Security and Usage Report” for the fourth time. In the output for 2021, Sysdig comes to the conclusion that more and more users are attaching greater importance to security and monitoring. Almost three-quarters (74 percent) of the DevOps teams surveyed scan their container images early in the build process of their CI / CD pipelines even before deployment. According to Sysdig, Container Security is performing a clear shift left.

Insights into productive container deployments The findings presented in the report are based on the analysis of data from around 2 million container deployments by Sysdig customers. This is only a subset of the containers running daily in Sysdig accounts. In addition, the provider also included publicly accessible data from container deployments at GitHub, Docker Hub and the Cloud Native Computing Foundation (CNCF). In addition to the welcome trend towards a shift left, the data also reveal persistent security problems – especially with regard to the rights settings for containers: In 58 Percent of the examined cases, the images run with root privileges.

Thus, almost two thirds of the examined containers are susceptible to being compromised during runtime. According to Sysdig, the fact that DevOps teams apparently do not shy away from this risk has to do with the fact that many people consider rapid deployment more important. The associated dangers are also put into perspective when looking at the average lifespan of container images. Almost half of all examined images come to runtimes of less than five minutes, not even 20 percent run a day or longer. On the one hand, the very short Lifespan cycles keep the risk of attack low, but also make comprehensive monitoring of the container images during runtime more difficult.

Docker Runtime is becoming less important Sysdig has identified another important trend in the use of container runtimes and registries. Not only since Kubernetes wanted to discontinue support for Docker as a runtime environment, its popularity has suffered. Sysdig users are also increasingly turning to the alternatives Containerd and cri-o. According to the report, Docker Runtime is only used by 36 percent, the shares of Containerd and cri-o have doubled compared to the previous year 33 or 17 percent. It should be noted, however, that Docker is also internally based on Containerd and at least prefer platforms such as Red Hat OpenShift cri-o.

Prefer Sysdig users More and more often the container runtimes Containerd and cri-o compared to Docker.

(Image: Sysdig)

For the container registries for hosting and managing images, Docker still the top position (33 percent), according to Sysdig, competing offers such as Google Cloud Registry (GCP) and Quay are found but increasingly frequent use. GCP with a share of 26 percent is the most important public cloud repository. Quay recorded an increase from to 24 Percent the greatest growth.

The Container Security and Usage Report 2021 also provides other interesting insights into the operative container environments of Sysdig users, for example the use of monitoring and security tools such as Prometheus or the Falco, which Sysdig has handed over to the CNCF. The full report is available for free download on the company website.

(map)