Sysdig report. Image used with permission from Sysdig.

You probably already knew that most of the containers created by developers are disposable, but did you realize that half of them are only around for less than five minutes? That and other fascinating details are available in the latest annual container report from Sysdig, a container security and orchestration vendor.

This is the company’s third such report. The results come from Sysdig’s own instrumentation, collected over a five-day period last month from the more than 2 million containers used by its customers. This means the results could be somewhat skewed toward more experienced container developers.

Nevertheless, the report merits some scrutiny. Here are four important takeaways.

1. Containers are more disposable than most of us thought

Last year’s report found that only a fifth of the containers lasted for less than five minutes. This year found a fifth of containers operated for fewer than 10 seconds. That is a pretty significant jump. The report also found that half of the container images were replaced within a week. Taken together, these data points indicate a greater adoption of containers for more specific application and processing needs. They should also motivate developers to ensure that these containers, no matter how short-lived, have appropriate security measures.

2. More than half have known security issues

That brings up the next data point: more than half of the containers that Sysdig tools scanned were found to have known security vulnerabilities. These include common runtime mistakes, such as allowing files to be created below the /etc and /root directories, which could be sloppy programming or could indicate a potential malware threat. The report found a median of 21 containers running as root on the hosts surveyed, which again indicates a lack of rigor in how containers are consumed and deployed by developers, because a root-level container could potentially be used in a privilege escalation attack.
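The two runtime findings above (files written below /etc or /root, and containers running as root) can be checked mechanically. The following is an added example, not code from Sysdig or its report; the event field names and the sample events are constructed for illustration.

```python
import posixpath

# Directories named in the report: writes below these are flagged.
SENSITIVE_DIRS = ("/etc", "/root")

def normalize(path):
    """Collapse '.', '..' and duplicate slashes (symlinks are NOT resolved)."""
    norm = posixpath.normpath(path)
    # POSIX normpath preserves exactly two leading slashes; fold them to one.
    return norm[1:] if norm.startswith("//") else norm

def is_below(path, directory):
    """True only if path is strictly inside directory, so /etcetera is not /etc."""
    return normalize(path).startswith(directory + "/")

def audit(events):
    """Return (containers seen running as uid 0, list of sensitive-write findings).

    Each event is a hypothetical record with the container name, the uid of
    the acting process, the operation, and the path it touched.
    """
    root_containers = set()
    findings = []
    for ev in events:
        if ev["uid"] == 0:
            root_containers.add(ev["container"])
        if ev["op"] != "open_write":
            continue  # reads of /etc/hosts and similar are normal
        for d in SENSITIVE_DIRS:
            if is_below(ev["path"], d):
                findings.append((ev["container"], d, normalize(ev["path"])))
    return root_containers, findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"container": "web-1", "uid": 1000, "op": "open_read", "path": "/etc/hosts"},
    {"container": "web-1", "uid": 1000, "op": "open_write", "path": "/tmp/cache"},
    {"container": "job-7", "uid": 0, "op": "open_write", "path": "/etc/cron.d/task"},
    {"container": "job-7", "uid": 0, "op": "open_write", "path": "/var/../root/.profile"},
    {"container": "api-3", "uid": 0, "op": "open_write", "path": "/etcetera/notes"},
]

if __name__ == "__main__":
    roots, writes = audit(SAMPLE_EVENTS)
    print("running as root:", sorted(roots))
    for container, directory, path in writes:
        print(f"{container}: write below {directory}: {path}")
```

Normalizing before the prefix test is what catches the `/var/../root/.profile` event and keeps `/etcetera/notes` from being flagged as a write below /etc.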

3. Container density has doubled

The report also found that hosts were carrying twice as many containers as last year, and that a tenth of Sysdig’s customers are operating multiple public clouds to run their containers. Both show an increasing sophistication and maturity level, at least among Sysdig users. “With container density doubling since our last report, it’s evident that the rate of adoption is accelerating as usage matures,” said Suresh Vasudevan, Sysdig’s CEO, in their report.

4. Red Hat OpenShift is in demand

If you set aside the customers who are using Sysdig’s PaaS platform for on-premises deployments, Red Hat OpenShift is used by 43% of the customers for container orchestration and deployment. The report authors say this shows that larger and more risk-averse organizations want the advantages of using Kubernetes but want to deploy it on a commercially supported platform.


Also of interest to Red Hat developers is the rise in CRI-O usage that the report found, to 4% of containers. CRI-O is a lightweight container runtime for Kubernetes. The report’s authors “expect CRI-O’s use to climb over the coming years, especially as customers running Red Hat OpenShift migrate from v3 to v4, where CRI-O replaces the previously provided Docker engine.”

Last updated: July 1, 2020