Shifting Docker security left
The Docker security report "Shifting Docker security left" draws on a survey of hundreds of open source developers and maintainers, along with data taken from public application registries, publicly available Docker images, GitHub repositories, and Snyk’s comprehensive vulnerability database (which pulls in data from hundreds of thousands of projects).
Key findings include:
- 50% of developers don’t scan their Docker images for vulnerabilities at all.
- The top 10 most popular Docker images contain at least 30 vulnerabilities each.
- 45% of developers never discover new vulnerabilities disclosed in their production containers.
- 44% of Docker images had known vulnerabilities for which there were newer and more secure base images available.
This report also gives actionable advice on how to increase Docker security: choosing the right base image, rebuilding images, and scanning both development and production.