Investigating and Mitigating the Impact of Technical Lag and Different Architectures on Container Image Security

Type

Master's Thesis

Abstract

Containerization has changed how software is built and deployed by offering a lighter-weight, more scalable alternative to traditional virtualization. Images for different CPU architectures, such as ARM (e.g. arm64) and AMD (amd64, i.e. x86-64), are built separately, so choosing an architecture may also mean choosing a different set of vulnerabilities. Moreover, little is known about how quickly container images become outdated once they are running in production. This thesis addresses both questions. First, we compare the two major image architectures, ARM and AMD, across a dataset of 2500 container images scanned with Clair, Trivy, Anchore, and Snyk. Second, we measure and compare three dimensions of technical lag that Docker images can accumulate: time lag, version lag, and vulnerability lag. Finally, we applied what we learned to our partner company to improve the security of its production container images. Our results show no significant difference in vulnerabilities between the two architectures. The three dimensions of technical lag proved complementary, each revealing a different aspect of how outdated an image is; in particular, official images consistently show a lower vulnerability lag than community images. Based on these findings, we recommend that our partner company monitor and update its container images regularly, preferring official images, to minimize vulnerability lag, and more generally that it manage container image security proactively in production.
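How the three lag dimensions named in the abstract can be computed for one deployed image tag, as an added example that is not code or data from the thesis: the definitions are the ones commonly used in the technical-lag literature and are stated as assumptions in the docstring, and the image history, the two architectures' scanner findings and the finding IDs are constructed placeholders, not real images or CVEs.

```python
"""Three dimensions of technical lag for a deployed container image tag.

Assumed definitions (following the common technical-lag literature; the
thesis's own measurement scripts are not on this page):
  time lag          = days between the deployed tag's release and the newest
                      tag's release
  version lag       = how many major/minor/patch releases lie between them
  vulnerability lag = findings a scanner reports for the deployed variant that
                      it no longer reports for the newest variant of the same
                      architecture (what an update would remove)
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Tuple

Version = Tuple[int, int, int]


@dataclass(frozen=True)
class Release:
    """One published tag, with per-architecture scanner findings."""
    version: Version
    released: date
    vulns: Dict[str, FrozenSet[str]]  # architecture -> reported finding IDs


def parse_version(tag: str) -> Version:
    """Parse a semver-style tag such as '1.2.3' into a comparable tuple."""
    major, minor, patch = (int(part) for part in tag.split("."))
    return major, minor, patch


# Constructed release history for a hypothetical image. The finding IDs are
# placeholders, not real CVE identifiers. The amd64 and arm64 variants of the
# same tag deliberately do not carry identical findings.
HISTORY: List[Release] = [
    Release(parse_version("1.0.0"), date(2023, 1, 10), {
        "amd64": frozenset({"VULN-A", "VULN-B", "VULN-C"}),
        "arm64": frozenset({"VULN-A", "VULN-B"})}),
    Release(parse_version("1.0.1"), date(2023, 2, 1), {
        "amd64": frozenset({"VULN-B", "VULN-C"}),
        "arm64": frozenset({"VULN-B"})}),
    Release(parse_version("1.1.0"), date(2023, 3, 15), {
        "amd64": frozenset({"VULN-C", "VULN-D"}),
        "arm64": frozenset({"VULN-D"})}),
    Release(parse_version("2.0.0"), date(2023, 5, 1), {
        "amd64": frozenset({"VULN-D"}),
        "arm64": frozenset({"VULN-D"})}),
]


def find_release(history: List[Release], tag: str) -> Release:
    """Look up the release record for a tag; raise if it was never published."""
    wanted = parse_version(tag)
    for release in history:
        if release.version == wanted:
            return release
    raise KeyError(f"tag {tag} not in history")


def time_lag_days(deployed: Release, latest: Release) -> int:
    """Days by which the deployed tag's release trails the newest release."""
    return (latest.released - deployed.released).days


def version_lag(history: List[Release], deployed: Release) -> Dict[str, int]:
    """Count the newer releases by the highest semver component each one bumps."""
    lag = {"major": 0, "minor": 0, "patch": 0}
    previous = deployed.version
    for release in sorted(history, key=lambda r: r.version):
        if release.version <= deployed.version:
            continue
        if release.version[0] != previous[0]:
            lag["major"] += 1
        elif release.version[1] != previous[1]:
            lag["minor"] += 1
        else:
            lag["patch"] += 1
        previous = release.version
    return lag


def vulnerability_lag(deployed: Release, latest: Release, arch: str) -> FrozenSet[str]:
    """Findings on the deployed variant that the newest variant of the same arch lacks."""
    return deployed.vulns[arch] - latest.vulns[arch]


def lag_report(history: List[Release], deployed_tag: str, arch: str) -> dict:
    """All three lag dimensions for one deployed tag on one architecture."""
    latest = max(history, key=lambda r: r.version)
    deployed = find_release(history, deployed_tag)
    return {
        "time_lag_days": time_lag_days(deployed, latest),
        "version_lag": version_lag(history, deployed),
        "vulnerability_lag": sorted(vulnerability_lag(deployed, latest, arch)),
    }


if __name__ == "__main__":
    # Same tag on two architectures: time and version lag agree,
    # vulnerability lag differs because the scanner findings differ.
    for arch in ("amd64", "arm64"):
        print(arch, lag_report(HISTORY, "1.0.0", arch))
```

Time lag and version lag are properties of the tag and so are identical for every architecture; only vulnerability lag depends on which variant's scan results are used, which is why a per-architecture comparison such as the one in the thesis has to be made on that dimension.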

Keywords

Containerization, Security, Technical lag, Vulnerability scanners, Deployment, Software development, thesis
