Lu, Z., Xu, J., Wu, Y., Wang, T., Huang, T., An empirical case study on the temporary file smell in Dockerfiles. IEEE Access, 2019.
Oumaziz, M.A., Falleri, J.-R., Blanc, X., Bissyandé, T.F., Klein, J., Handling duplicates in dockerfiles families: Learning from experts. 2019 IEEE International Conference on Software Maintenance and Evolution, ICSME, 2019, IEEE, 524–535.
Martin, A., Raponi, S., Combe, T., Di Pietro, R., Docker ecosystem–vulnerability analysis. Comput. Commun. 122 (2018), 30–43.
Bettini, A., Vulnerability exploitation in Docker container environments. https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf, 2015. (Accessed 12 February 2021)
Anchore.io, Snapshot of the container ecosystem. https://anchore.com/wp-content/uploads/2017/04/Anchore-Container-Survey-5.pdf, 2017. (Accessed 12 February 2021)
Shu, R., Gu, X., Enck, W., A study of security vulnerabilities on Docker Hub. International Conference on Data and Application Security and Privacy, 2017, ACM, 269–280.
Gummaraju, J., Desikan, T., Turner, Y., Over 30% of official images in Docker Hub contain high priority security vulnerabilities. 2015.
Zerouali, A., Mens, T., Robles, G., Gonzalez-Barahona, J.M., On the relation between outdated Docker containers, severity vulnerabilities, and bugs. International Conference on Software Analysis, Evolution and Reengineering, 2019, IEEE, 491–501, 10.1109/SANER.2019.8668013.
Zerouali, A., Cosentino, V., Mens, T., Robles, G., Gonzalez-Barahona, J.M., On the impact of outdated and vulnerable JavaScript packages in Docker images. International Conference on Software Analysis, Evolution and Reengineering, 2019, IEEE, 619–623.
Decan, A., Mens, T., Grosjean, P., An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empir. Softw. Eng. 24:1 (2019), 381–416, 10.1007/s10664-017-9589-y.
Li, Z., Kihl, M., Lu, Q., Andersson, J.A., Performance overhead comparison between hypervisor and container based virtualization. International Conference on Advanced Information Networking and Applications, AINA, 2017, IEEE, 955–962.
Acharya, A., Fanguède, J., Paolino, M., Raho, D., A performance benchmarking analysis of hypervisors containers and unikernels on ARMv8 and x86 CPUs. 2018 European Conference on Networks and Communications, EuCNC, 2018, IEEE, 282–289.
Cito, J., Schermann, G., Wittern, J.E., Leitner, P., Zumberi, S., Gall, H.C., An empirical analysis of the Docker container ecosystem on GitHub. International Conference on Mining Software Repositories, 2017, IEEE Press, 323–333.
Henkel, J., Bird, C., Lahiri, S.K., Reps, T., Learning from, understanding, and supporting DevOps artifacts for Docker. International Conference on Software Engineering, 2020, ACM.
Socchi, E., Luu, J., A deep dive into Docker Hub's security landscape – a story of inheritance?. Master's thesis, 2019, Department of Informatics, University of Oslo.
Zerouali, A., Mens, T., Gonzalez-Barahona, J., Decan, A., Constantinou, E., Robles, G., A formal framework for measuring technical lag in component repositories—and its application to npm. J. Softw. Evol. Process, 2019.
Node.js Docker Team, node. https://hub.docker.com/_/node. (Accessed 12 February 2021)
Docker Community, python. https://hub.docker.com/_/python. (Accessed 12 February 2021)
Docker Community, ruby. https://hub.docker.com/_/ruby. (Accessed 12 February 2021)
npm, npm-ls: list installed packages. https://docs.npmjs.com/cli/ls. (Accessed 12 February 2021)
Python Packaging Authority, pip freeze. https://pip.pypa.io/en/stable/reference/pip_freeze/. (Accessed 12 February 2021)
Ruby Community, gem list. https://guides.rubygems.org/command-reference/. (Accessed 12 February 2021)
Romano, J., Kromrey, J.D., Coraggio, J., Skowronek, J., Devine, L., Exploring methods for evaluating group differences on the NSSE and other surveys: are the t-test and Cohen's d indices the most appropriate choices?. Annual Meeting of the Southern Association for Institutional Research, 2006.
Katz, J., Libraries.io open source repository and dependency metadata. https://doi.org/10.5281/zenodo.3626071, Jan. 2020.
Zaman, S., Adams, B., Hassan, A.E., Security versus performance bugs: a case study on Firefox. Working Conference on Mining Software Repositories, 2011, ACM, 93–102.
Cox, J., Bouwers, E., van Eekelen, M., Visser, J., Measuring dependency freshness in software systems. International Conference on Software Engineering, 2015, IEEE Press, 109–118.
Decan, A., Mens, T., Constantinou, E., On the impact of security vulnerabilities in the npm package dependency network. International Conference on Mining Software Repositories, 2018.
Ibrahim, M.H., Sayagh, M., Hassan, A.E., Too many images on DockerHub! How different are images for the same system?. Empir. Softw. Eng., 2020, 1–32.
Zerouali, A., A measurement framework for analyzing technical lag in open-source software ecosystems. Ph.D. thesis, September 2019, University of Mons.
Kula, R.G., German, D.M., Ouni, A., Ishio, T., Inoue, K., Do developers update their library dependencies?. Empir. Softw. Eng. 23:1 (2017), 384–417.
Salza, P., Palomba, F., Di Nucci, D., D'Uva, C., De Lucia, A., Ferrucci, F., Do developers update third-party libraries in mobile apps?. Proceedings of the 26th Conference on Program Comprehension, 2018, 255–265.
Wohlin, C., Runeson, P., Host, M., Ohlsson, M.C., Regnell, B., Wesslen, A., Experimentation in Software Engineering - An Introduction. 2000, Kluwer.