Sara’s paper “Should you Upgrade Official Docker Hub Images in Production Environments?” was accepted for publication at ICSE New Ideas and Emerging Results (NIER)’21! Super congrats Sara! This was joint work with Hamzeh Khazaei (York University).
Docker, one of the most popular software containerization technologies, allows a user to deploy Docker images to create and run containers. While Docker images facilitate the deployment and in-place upgrading of an application in a production environment by replacing its container with one based on a newer image, many dependencies could change at once during such an image upgrade, which can potentially be a source of risk. In this paper, we study the official Docker images on Docker Hub and explore how packages are changing in these images. We found that the number of package changes varies across different types of applications and that often the changing packages are utility packages. Our study takes a first important look at potential risks when doing an in-place upgrade of a Docker image.
See our Publications for the paper.