Sysdig Report Says 58% Of Container Images Run As Root

TL;DR

Sysdig, the cloud-based security startup, released the 2021 Container Security and Usage report that analyzes the trends of the Sysdig enterprise customer base. One of the most disturbing trends highlighted in the report is that most customers did not understand the risk of containers running as root.

A container runtime is a software that executes containers and manages container images in a machine
A container runtime is a software that executes containers and manages container images in a machine
Key Facts
  1. 1

    The report emphasized the need for developers to set policies that will help detect anomalous behavior and trigger security alerts at run time. Runtime security for Kubernetes is still not a priority for many organizations.

  2. 2

    Organizations understand the need to scan for vulnerabilities, but they still do not scan for common configuration mistakes. 58% of all images are running as root, which may potentially compromise privileged containers.

  3. 3

    According to the report, Sysdig noticed a rise in suspicious filesystem and container violations. The violations were detected by Falco security policies that are enabled by default in Sysdig Secure.

  4. 4

    The report also highlighted Falco, the CNCF Open Source project contributed by Sysdig, which now has over 20 million Docker Hub pulls, accounting for 300% growth. Falco enables the definition of runtime policies that detect security violations and generate alerts.

Details

According to the Sysdig report, 58% of all container images run as root. Container images, unless specifically needed, should be run in the context of a less privileged user than the root to minimize the chances of a breach.

The report also says that organizations have only just begun addressing the need for runtime security for Kubernetes. A container runtime is software that executes containers and manages container images in a machine.

The 2021 Container Security and Usage report also listed the top 7 runtime policy violations:

  1. Write below etc: Adding or altering files may be an attempt to change the application behavior.
  2. Launch Privileged Container: These can interact with host system devices causing harm to the host OS.
  3. Write below root: Modifying data in these directories could be an illegal attempt to install software on the container.
  4. Suspicious Filesystem changes: It could be an attempt to access sensitive data.
  5. Launch Sensitive Mount Container: Indicates the container may have access to data volumes containing sensitive information.
  6. Suspicious Container activity: May indicate compromise within the container system.
  7. Terminal shell in container: Enables the attacker to manipulate or initiate malicious activity on the system.

Recommended read: 51% of 4 million Docker images have critical vulnerabilities

With increasing concerns about security in container environments, the continuing growth of Falco means more users are taking advantage of community-based rules. As the Falco project grows, Kubernetes security is strengthened by the collective group working together against bad actors.
avatar
Chris Aniszczyk
CTO of CNCF

Get similar sotries in your inbox weekly, for free

Is this news interesting? Share it with your followers
AllEbooksFBADSquare.png
Learn Cloud Native Technologies

Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png
DevOps and the Alternative Cloud Research Report

Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png
Listen to the stories behind the stories and learn new things each week

The DevOps FAUNCast

linode2.jpg
The Cloud Computing Golden Ratio

Discover the golden ratio of price to performance

FAUN.png
The all-in-one cloud security platform for developers

Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies
Sponsor The Chief I/O

Get in touch!

AllEbooksFBADSquare.png

Learn Cloud Native Technologies
Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png

DevOps and the Alternative Cloud Research Report
Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png

Listen to the stories behind the stories and learn new things each week
The DevOps FAUNCast

linode2.jpg

The Cloud Computing Golden Ratio
Discover the golden ratio of price to performance

FAUN.png

The all-in-one cloud security platform for developers
Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies

Sponsor The Chief I/O
Get in touch!

Top news this week
OpenAI Codex has a superior understanding of popular coding methods.

Github Copilot: Microsoft's Advanced Investment in Automatic Coding

CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation

Code Quality and Security Ensured With CI/CD Experience for Github Actions

Nvidia expended 80 top drawer AI software A100 graphics card, the DGX A100 to Cambridge-1

NVIDIA Takes AI Initiative With a Supercomputer To Support UK Healthcare

Training and optimizing a machine learning model - a very demanding task, has now become simplified.

IBM Launches Codeflare, An Open Source Machine Learning Workflow Catalyst

The average figure for the number of Kubernetes clusters constantly in production is 2.5%.

Cloud-Native Report 2021 Elucidates Kubernetes Challenges

This new version comes with a bag of new advancements that delivers functions that are not on the old versions.

Kubernetes: Lens 5.0 Delivers Cloud in 4k

With it is a bulky stack of automation tools that support multi-vendor software-based networking.

IBM Launches AI-Powered Automation Software

Free guides & whitepapers
CFX BG.jpg

Leading Healthcare Provider in the US gets real-time visibility with CloudFabrix AIOps 2.0

Istio - This is what you need to know

Istio - This is what you need to know

Kubernetes 101

Kubernetes 101

The Guide To Kubernetes

Kubernetes For The Busy Developer