Sysdig Container Security report

A recent survey has revealed that container security is shifting left with 74% of organizations scanning container images during the build process. Unfortunately, the report also revealed that the majority of container images are overly permissive.

According to Sysdig’s fourth annual Sysdig Container Security and Usage report, 58% of containers analyzed were running as a root user. “This indicates that while shifting left is a good start and might help catch vulnerabilities sooner, there is still a need for runtime scanning to detect when configuration errors occur,” Aaron Newcomb, director of product marketing at Sysdig, wrote in a blog post explaining the report. 

Another challenge to security arises when considering the fact that a majority of containers are alive for less than a week. According to the report, 49% of containers live for less than five minutes, with 21% living less than 10 seconds. These short lifespans cause challenges when it comes to auditing for security problems because many monitoring tools aren’t able to provide detailed information in that short period of time. 

The report also found that users seem to be turning to open-source solutions to manage container security concerns. For example, Sysdig’s open-source security project Falco has seen 300% growth and has had. over 20 million Docker Hub pulls.

“Container security is a growing concern for companies, as indicated by the effort put into shifting left and the astounding adoption of Falco since our last usage report. However, organizations need to remain vigilant in their efforts to examine runtime activity to be able to detect configuration errors and attacks,” Newcomb wrote.