We run Datagrid services on Docker. Not only are containers efficient but we find them easier to use for implementing immutable infrastructure as well. And, like many Docker users, we often start with the standard images in the Docker Hub repository. It’s very convenient. Yes, as you can tell, we’re fans. However, containers and the repository aren’t a substitute for diligence when it comes to updates.
Like many high-tech startups, we were our own first customer. What we found, though, surprised us. Many of our images weren’t up to date. In fact, some had critical vulnerabilities. Since we were starting with repository images we set up a processes to run VCTR regularly on the Docker repository images to see what we’d find. The results, not surprisingly, are mixed. Some images are being maintained very well with only a few package updates missing. On the other hand, some are dozens of updates behind.
Since so many other Docker users also rely on the images in the repository we figured we’d share the data. Therefore, we’ve set up a page compiling the results of VCTR scans for the most popular images in the Docker Hub repository. Just click on the page image to check out the results for yourself.
If you want to check your own systems try the self-service page. It’s free and no registration is requred.