Title
On the Impact of Outdated and Vulnerable Javascript Packages in Docker Images
Abstract
Containerized applications, and in particular Docker images, are becoming a common solution in cloud environments to meet ever-increasing demands in terms of portability, reliability and fast deployment. A Docker image includes all environmental dependencies required to run it, such as specific versions of system and third-party packages. Leveraging on its modularity, an image can be easily embedded in other images, thus simplifying the way of sharing dependencies and building new software. However, the dependencies included in an image may be out of date due to backward compatibility requirements, endangering the environments where the image has been deployed with known vulnerabilities. While previous research efforts have focused on studying the impact of bugs and vulnerabilities of system packages within Docker images, no attention has been given to third-party packages. This paper empirically studies the impact of npm JavaScript package vulnerabilities in Docker images. We based our analysis on 961 images from three official repositories that use Node.js, and 1,099 security reports of packages available on npm, the most popular JavaScript package manager. Our results reveal that the presence of outdated npm packages in Docker images increases the risk of potential security vulnerabilities, suggesting that Docker maintainers should keep their installed JavaScript packages up to date.
Year
2019
DOI
10.1109/SANER.2019.8667984
Venue
2019 IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER)
Keywords
Security, Libraries, Operating systems, Time measurement, Data mining, Software reliability
Field
Software deployment, Software engineering, Computer science, Software, Software portability, Software quality, Backward compatibility, Modularity, JavaScript, Cloud computing
DocType
Conference
ISBN
978-1-7281-0591-8
Citations
3
PageRank
0.42
References
0
Authors
5
Name
Order
Citations
PageRank
Ahmed Zerouali1241.81
Valerio Cosentino29511.87
Tom Mens33018181.32
Gregorio Robles4129491.67
Jesús M. González-Barahona546235.96