Docker images are central to application container technology, but they come at a security cost: a new report finds that each of the ten most popular Docker images contains at least 30 known vulnerabilities. According to the 2019 State of Open Source Security report from Snyk, an open-source security platform provider, “Docker images almost always bring known vulnerabilities alongside their great value.”
Every Docker image scanned for the report contained vulnerable versions of system libraries. Snyk explained that system libraries turn up in so many images because most images are built on a parent image that itself uses a Linux distribution as its base, and so inherit that distribution's packages, fixed or not.
The report also found that among the most popular images, the official Node.js image (node) ships with 580 vulnerable system libraries. Slimmer variants fare much better: the node:10-slim tag pulled in 71 vulnerable system libraries, and node:10-alpine pulled in none.
Next on the list is Postgres with 89 vulnerabilities, followed by Nginx at 85 and HTTPD at 69. Mongo and MySQL each had 61, while Couchbase, Memcached and Redis all had 47. Ubuntu had the fewest known vulnerabilities at 30.
According to Snyk, 44 percent of image vulnerabilities can be fixed by swapping to an available base image that is more secure, and 20 percent of images can be fixed simply by rebuilding them, since a rebuild picks up the package updates published since the image was last built.
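Both cheap remediations the report points at, choosing a slim or alpine variant of the base image and rebuilding from a deliberately pinned tag, can be checked before an image is ever built. The following script is an added example written for this article; it is not Snyk's tooling and not code from any project the report scanned. It parses the FROM lines of a Dockerfile and flags a full-distro base where a -slim or -alpine tag would apply, and an unpinned or latest tag that makes rebuilds non-reproducible. The rule set, the Finding layout and the sample Dockerfile are this example's own assumptions.

```python
"""Dockerfile base-image linter: added example, not Snyk's tooling.

Checks the FROM lines of a Dockerfile for the two remediations the report
counts as cheap wins: swap a full-distro base image for a slim/alpine
variant, and pin the tag so that a rebuild is reproducible and deliberate.
The rule set and Finding layout are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample input; not taken from any real project.
SAMPLE_DOCKERFILE = """\
FROM node:10 AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node
COPY --from=build /app/dist /srv
CMD ["node", "/srv/server.js"]
"""

# Tag suffixes whose images pulled far fewer vulnerable system libraries in
# the report (node:10-slim: 71, node:10-alpine: 0, versus node:10: 580).
SLIM_SUFFIXES = ("-slim", "-alpine")

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: int        # 1-based line number of the FROM instruction
    image: str       # image reference as written
    issue: str       # short rule name
    suggestion: str  # what to change
    ships: bool      # True if this stage is the final (runtime) image


def parse_image_ref(ref):
    """Split 'host:port/repo:tag@sha256:...' into (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A colon after the last slash is the tag; an earlier one is a registry port.
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):
        return ref[:colon], ref[colon + 1:], digest
    return ref, None, digest


def check_dockerfile(text):
    """Return one Finding per FROM line that should be changed."""
    matches = [(n, FROM_RE.match(line)) for n, line in enumerate(text.splitlines(), 1)]
    matches = [(n, m) for n, m in matches if m]
    if not matches:
        return []
    last_from = matches[-1][0]   # only the last stage ships as the runtime image
    stage_names = set()
    findings = []
    for lineno, m in matches:
        ref, stage = m.group(1), m.group(2)
        # "FROM build" reuses an earlier stage; "scratch" carries no distro at all.
        if ref.lower() in stage_names or ref == "scratch":
            if stage:
                stage_names.add(stage.lower())
            continue
        if stage:
            stage_names.add(stage.lower())
        name, tag, _digest = parse_image_ref(ref)
        ships = lineno == last_from
        if tag is None or tag == "latest":
            findings.append(Finding(lineno, ref, "unpinned tag",
                                    f"pin a version, e.g. {name}:<version>-alpine", ships))
        elif not tag.endswith(SLIM_SUFFIXES):
            findings.append(Finding(lineno, ref, "full distro base",
                                    f"try {name}:{tag}-slim or {name}:{tag}-alpine", ships))
    return findings


if __name__ == "__main__":
    for f in check_dockerfile(SAMPLE_DOCKERFILE):
        where = "runtime image" if f.ships else "build stage only"
        print(f"line {f.line}: {f.image}: {f.issue} ({where}); {f.suggestion}")
```

The ships flag matters in practice: in a multi-stage build only the last FROM determines what runs in production, so a fat node:10 build stage is a lower-priority finding than an unpinned node in the final stage. A rule like this is a triage aid, not a substitute for scanning the built image, since -slim and -alpine variants still carry their own packages.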
In addition, the report finds that the number of known Linux OS vulnerabilities reported in 2018 was four times that of 2017.