1.
Sara Gholami; Hamzeh Khazaei; Cor-Paul Bezemer
Should you Upgrade Official Docker Hub Images in Production Environments? Inproceedings
ICSE New Ideas and Emerging Results (NIER), pp. 1–5, 2021.
Tags: Containerization, Dependency upgrades, Docker, Docker Hub, Downgrades
@inproceedings{sara2021icsenier,
title = {Should you Upgrade Official Docker Hub Images in Production Environments?},
author = {Sara Gholami and Hamzeh Khazaei and Cor-Paul Bezemer},
year = {2021},
date = {2021-01-29},
urldate = {2021-01-29},
booktitle = {ICSE New Ideas and Emerging Results (NIER)},
pages = {1--5},
abstract = {Docker, one of the most popular software containerization technologies, allows a user to deploy Docker images to create and run containers. While Docker images facilitate the deployment and in-place upgrading of an application in a production environment by replacing its container with one based on a newer image, many dependencies could change at once during such an image upgrade, which can potentially be a source of risk. In this paper, we study the official Docker images on Docker Hub and explore how packages are changing in these images. We found that the number of package changes varies across different types of applications and that often the changing packages are utility packages. Our study takes a first important look at potential risks when doing an in-place upgrade of a Docker image.},
keywords = {Containerization, Dependency upgrades, Docker, Docker Hub, Downgrades},
pubstate = {published},
tppubtype = {inproceedings}
}