Sysdig’s 2019 Third Annual Container Usage Report

Report finds that 50% of containers live less than five minutes and the number of containers alive for 10 seconds or less doubled, highlighting the need for container-specific security controls

SAN FRANCISCO, Oct. 29, 2019 – Sysdig, Inc., the secure DevOps leader, today announced findings from its Sysdig 2019 Container Usage Report. The annual report reveals how Sysdig customers of all sizes are using containers. This real-world data provides insight into usage of more than two million containers across a broad cross-section of industries. For the third year in a row, the Sysdig report finds that container usage has grown in scale and complexity, and doubled in density. As container technologies continue to transform how organizations deliver applications, it is important for enterprises to understand how to securely operate container workloads in production and take steps to prepare for the massive growth expected. Download the full Sysdig 2019 Container Usage Report here. [1]

New to the report this year are additional data sources that dig deeper into Kubernetes security threats and compliance violations. The report includes the ten most common runtime security violations. Attempts to alter files, a possible indication of an attempt to access sensitive configurations or install malware, show up as the most frequent issue. The report also lists the most common Center for Internet Security (CIS) Docker Benchmark violations.

The 2019 Sysdig report investigates the most popular open source technologies used in production, the most common alert conditions, the most popular container registries, and Kubernetes usage trends, among other data points. Many of the largest companies rely on Sysdig for cloud-native security and visibility, which uniquely positions Sysdig to understand the state of cloud-native adoption.

Highlights from the report

50% of containers live less than five minutes
This is a dramatic change from last year, when only 20% of containers lived less than five minutes. Many containers need to live only long enough to execute a function and then terminate when complete. The broader adoption of batch data processing with Kubernetes Jobs and serverless frameworks on Kubernetes has contributed to the growth of short-lived containers. The ephemeral nature of containers is one of the unique advantages of the technology, yet at the same time can be a challenge in managing issues around security, health, and performance. This reaffirms the fact that enterprises need real-time threat prevention as well as detailed auditing and forensics tools.

52% of images scanned by Sysdig have known vulnerabilities
The Sysdig report also finds that 40% of Sysdig customers’ images are from public sources. Considering less than one percent of Docker Hub images are certified trustworthy, using publicly sourced images exposes enterprises to risk. Enterprises need to embed security into the CI/CD pipeline, including scanning during the build phase, as well as checking for new vulnerabilities at runtime.
