On the usage of JavaScript, Python and Ruby packages in Docker Hub images

Zerouali, Ahmed; Mens, Tom; De Roover, Coen

doi:10.1016/j.scico.2021.102653

Request a copy

Article (Scientific journals)

On the usage of JavaScript, Python and Ruby packages in Docker Hub images

Zerouali, Ahmed; Mens, Tom; De Roover, Coen

2021 • In Science of Computer Programming, 207, p. 102653

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/20.500.12907/18123

DOI
10.1016/j.scico.2021.102653

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

1-s2.0-S0167642321000460-main.pdf

Publisher postprint (730.55 kB)

Request a copy

All documents in ORBi UMONS are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

[en] Docker; [en] software containerisation; [en] outdated software; [en] software vulnerability; [en] third-party library; Software

Disciplines :

Computer science
Electrical & electronics engineering

Author, co-author :

Zerouali, Ahmed

Mens, Tom ; Université de Mons > Faculté des Sciences > Service de Génie Logiciel

De Roover, Coen

Language :

English

Title :

On the usage of JavaScript, Python and Ruby packages in Docker Hub images

Publication date :

07 January 2021

Journal title :

Science of Computer Programming

ISSN :

0167-6423

Publisher :

Elsevier, Netherlands

Volume :

207

Pages :

102653

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

https://api.elsevier.com/content/article/PII:S0167642321000460?httpAccept=text/xml

Research unit :

S852 - Génie Logiciel

Research institute :

R300 - Institut de Recherche en Technologies de l'Information et Sciences de l'Informatique

Funders :

FRS-FNRS
FWO

Available on ORBi UMONS :

since 10 January 2022

Statistics

Number of views

4 (1 by UMONS)

Number of downloads

0 (0 by UMONS)

More statistics

Bibliography

Bernstein, D., Containers and cloud: from LXC to Docker to Kubernetes. IEEE Cloud Comput. 1:3 (2014), 81–84.
Turnbull, J., The Docker Book: Containerization is the New Virtualization. 2014.
Stack Overflow, 2020 Stack Overflow developer survey. https://insights.stackoverflow.com/survey/2020, 2020. (Accessed 12 February 2021)
Lu, Z., Xu, J., Wu, Y., Wang, T., Huang, T., An empirical case study on the temporary file smell in Dockerfiles. IEEE Access, 2019.
Oumaziz, M.A., Falleri, J.-R., Blanc, X., Bissyandé, T.F., Klein, J., Handling duplicates in dockerfiles families: Learning from experts. 2019 IEEE International Conference on Software Maintenance and Evolution, ICSME, 2019, IEEE, 524–535.
Martin, A., Raponi, S., Combe, T., Di Pietro, R., Docker ecosystem–vulnerability analysis. Comput. Commun. 122 (2018), 30–43.
Bettini, A., Vulnerability exploitation in Docker container environments. https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf, 2015. (Accessed 12 February 2021)
Anchore.io, Snapshot of the container ecosystem. https://anchore.com/wp-content/uploads/2017/04/Anchore-Container-Survey-5.pdf, 2017. (Accessed 12 February 2021)
Shu, R., Gu, X., Enck, W., A study of security vulnerabilities on Docker Hub. International Conference on Data and Application Security and Privacy, 2017, ACM, 269–280.
Gummaraju, J., Desikan, T., Turner, Y., Over 30% of official images in Docker Hub contain high priority security vulnerabilities. 2015.
Zerouali, A., Mens, T., Robles, G., Gonzalez-Barahona, J.M., On the relation between outdated Docker containers, severity vulnerabilities, and bugs. International Conference on Software Analysis, Evolution and Reengineering, 2019, IEEE, 491–501, 10.1109/SANER.2019.8668013.
Zerouali, A., Cosentino, V., Mens, T., Robles, G., Gonzalez-Barahona, J.M., On the impact of outdated and vulnerable JavaScript packages in Docker images. International Conference on Software Analysis, Evolution and Reengineering, 2019, IEEE, 619–623.
Decan, A., Mens, T., Grosjean, P., An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empir. Softw. Eng. 24:1 (2019), 381–416, 10.1007/s10664-017-9589-y.
Li, Z., Kihl, M., Lu, Q., Andersson, J.A., Performance overhead comparison between hypervisor and container based virtualization. International Conference on Advanced Information Networking and Applications, AINA, 2017, IEEE, 955–962.
Acharya, A., Fanguède, J., Paolino, M., Raho, D., A performance benchmarking analysis of hypervisors containers and unikernels on ARMv8 and x86 CPUs. 2018 European Conference on Networks and Communications, EuCNC, 2018, IEEE, 282–289.
Cito, J., Schermann, G., Wittern, J.E., Leitner, P., Zumberi, S., Gall, H.C., An empirical analysis of the Docker container ecosystem on GitHub. International Conference on Mining Software Repositories, 2017, IEEE Press, 323–333.
Henkel, J., Bird, C., Lahiri, S.K., Reps, T., Learning from, understanding, and supporting DevOps artifacts for Docker. International Conference on Software Engineering, 2020, ACM.
Socchi, E., Luu, J., A deep dive into Docker Hub's security landscape – a story of inheritance?. Master's thesis, 2019, Department of Informatics, University of Oslo.
Zerouali, A., Mens, T., Gonzalez-Barahona, J., Decan, A., Constantinou, E., Robles, G., A formal framework for measuring technical lag in component repositories—and its application to npm. J. Softw. Evol. Process, 2019.
Preston-Werner, T., Semantic versioning 2.0.0. https://semver.org/, 2013. (Accessed 12 February 2021)
Node.js Docker Team, node. https://hub.docker.com/_/node. (Accessed 12 February 2021)
Docker Community, python. https://hub.docker.com/_/python. (Accessed 12 February 2021)
Docker Community, ruby. https://hub.docker.com/_/ruby. (Accessed 12 February 2021)
npm, npm-ls: list installed packages. https://docs.npmjs.com/cli/ls. (Accessed 12 February 2021)
Python Packaging Authority, pip freeze. https://pip.pypa.io/en/stable/reference/pip_freeze/. (Accessed 12 February 2021)
Ruby Community, gem list. https://guides.rubygems.org/command-reference/. (Accessed 12 February 2021)
Romano, J., Kromrey, J.D., Coraggio, J., Skowronek, J., Devine, L., Exploring methods for evaluating group differences on the NSSE and other surveys: are the t-test and Cohen's d indices the most appropriate choices?. Annual Meeting of the Southern Association for Institutional Research, 2006.
Katz, J., Libraries.io open source repository and dependency metadata. https://doi.org/10.5281/zenodo.3626071, Jan. 2020.
Zaman, S., Adams, B., Hassan, A.E., Security versus performance bugs: a case study on Firefox. Working Conference on Mining Software Repositories, 2011, ACM, 93–102.
Cox, J., Bouwers, E., van Eekelen, M., Visser, J., Measuring dependency freshness in software systems. International Conference on Software Engineering, 2015, IEEE Press, 109–118.
Decan, A., Mens, T., Constantinou, E., On the impact of security vulnerabilities in the npm package dependency network. International Conference on Mining Software Repositories, 2018.
Ibrahim, M.H., Sayagh, M., Hassan, A.E., Too many images on DockerHub! How different are images for the same system?. Empir. Softw. Eng., 2020, 1–32.
Zerouali, A., A measurement framework for analyzing technical lag in open-source software ecosystems. Ph.D. thesis, September 2019, University of Mons.
Kula, R.G., German, D.M., Ouni, A., Ishio, T., Inoue, K., Do developers update their library dependencies?. Empir. Softw. Eng. 23:1 (2017), 384–417.
Salza, P., Palomba, F., Di Nucci, D., D'Uva, C., De Lucia, A., Ferrucci, F., Do developers update third-party libraries in mobile apps?. Proceedings of the 26th Conference on Program Comprehension, 2018, 255–265.
Wohlin, C., Runeson, P., Host, M., Ohlsson, M.C., Regnell, B., Wesslen, A., Experimentation in Software Engineering - An Introduction. 2000, Kluwer.