Docker Community Forums


Scan for outdated, vulnerable and buggy Debian packages in Docker containers


(Neglectos) #1

We did a large-scale analysis of Docker containers based on Debian (both official and community images), and we reported the results and the method followed in a research paper: https://arxiv.org/pdf/1811.12874.pdf

For the data extraction and analysis part, we relied on the ConPan tool to scan and extract information about outdated Debian packages (Debian Archive), their vulnerabilities (Debian Security Tracker) and other kinds of bugs (Ultimate Debian Database). Have a look at it.


(Raj Chaudhuri) #2

This is fascinating. Great work, and thank you very much.

I only wish this paper also included containers based on the Alpine image. It's my preferred base, and what I advise my clients to use.


(Neglectos) #3

Thank you.
We actually started our exploration on Alpine images, but because of the lack of data, we were limited in doing an extensive study of vulnerabilities and other kinds of package bugs.
Check this: http://applications.umons.ac.be/docnum/c7b423fd-d183-486c-9cec-966066b9b364/E063CEF2-A345-4324-B826-942E04C19B33/paper_15.pdf


(Tallandtree) #4

Thanks for sharing this. This is very useful research.


(abdelhalim souri) #5

It seems like you did great work. BTW, I like the tool you mentioned; it's helpful.
IMHO, it would be great if you could expand your tool to scan other Docker images.

Thanks for sharing