Sysdig’s Third Annual Container Usage Report Reveals that Container Lifespan has Been Cut in Half.

OCTOBER 29, 2019


Report finds that 50% of containers live less than five minutes and the number of containers alive for 10 seconds or less doubled, highlighting the need for container-specific security controls

SAN FRANCISCO, Oct. 29, 2019 – Sysdig, Inc., the secure DevOps leader, today announced findings from its Sysdig 2019 Container Usage Report. The annual report reveals how Sysdig customers of all sizes are using containers. This real-world data provides insight into usage of more than two million containers across a broad cross-section of industries. For the third year in a row, the Sysdig report finds that container usage has grown in scale and complexity, and doubled in density. As container technologies continue to transform how organizations deliver applications, it is important for enterprises to understand how to securely operate container workloads in production and take steps to prepare for the massive growth expected.

Download the full Sysdig 2019 Container Usage Report here.

New to the report this year are additional data sources that dig deeper into Kubernetes security threats and compliance violations. The report includes the ten most common runtime security violations. Attempts to alter files, a possible indication of an attempt to access sensitive configurations or install malware, shows up as the most frequent issue. The report also lists the most common Center for Internet Security (CIS) Docker Benchmark violations.

The 2019 Sysdig report investigates the most popular open source technologies used in production, the most common alert conditions, the most popular container registries, and Kubernetes usage trends, among other data points. Many of the largest companies rely on Sysdig for cloud-native security and visibility, which uniquely positions Sysdig to understand the state of cloud-native adoption.

Highlights from the report

50% of containers live less than five minutes
This is a dramatic change from last year, when only 20% of containers lived less than five minutes. Many containers need to only live long enough to execute a function and then terminate when complete. The broader adoption of batch data processing with Kubernetes Jobs and serverless frameworks on Kubernetes have contributed to the growth of short-lived containers. The ephemeral nature of containers is one of the unique advantages of the technology, yet at the same time can be a challenge in managing issues around security, health, and performance. This reaffirms the fact that enterprises need real-time threat prevention as well as detailed auditing and forensics tools.

52% of images scanned by Sysdig have known vulnerabilities
The Sysdig report also finds that 40% of Sysdig customers’ images are from public sources. Considering less than one percent of Docker Hub images are certified trustworthy, using publicly sourced images exposes enterprises to risk. Enterprises need to embed security into the CI/CD pipeline, including scanning during the build phase, as well as checking for new vulnerabilities at runtime.

Containers-per-host density increases 100%
Over the past year, the median number of containers per host doubled to 30, indicating a growth in the number of applications being transitioned to cloud-native infrastructure and an increase in compute “horsepower,” which has enabled more containers to run on each node.

Use of Prometheus metrics increases 130%
Year-over-year, Prometheus metric use grew 130% across Sysdig customers – increasing to 46%. As the use of new programming frameworks expands, alternatives like JMX metrics (for Java applications) and StatsD are diminishing, down 45% and 17% respectively. Prometheus has been widely adopted as a metric standard in projects like Kubernetes, OpenShift, and Istio. In addition, an increasing number of “exporters” are available to provide metrics for a wide range of third-party applications and services. The increased volume of containers and hosts drives the need for tools that enable Prometheus monitoring at scale across clusters and clouds, such as Sysdig Monitor.

11% of customers are operating in multi-cloud
Multi-cloud is here thanks to Kubernetes. Eleven percent of Sysdig customers operate containers across more than one public cloud. Because of Kubernetes, which has been cemented as the de facto operating system of the cloud, enterprises do not have to fear vendor lock in and they are able to make multi-cloud a reality.

Go and Node.js overtake Java as top cloud application frameworks
There are clear winners for programming languages and frameworks. Go and Node.js overtook Java as top cloud app frameworks, neither of which made the top 10 list last year. Java has long been one of the most prominent programming languages, but newer options like Go, created by Google engineers, have gained favor in part because of their ease of use.

“With container density doubling since our last report, it’s evident that the rate of adoption is accelerating as usage matures. With that said, containers are black boxes that work well as application building blocks, but they are invisible to conventional security and visibility tools,” said Suresh Vasudevan, Sysdig Chief Executive Officer. “With this report, we hope to educate enterprises on existing challenges and how to run cloud-native environments in production, which should include a secure DevOps approach.”

Learn more about this report

Media Contact

Amanda McKinney, 280blue, Inc.
[email protected]

Sysdig Logo

About Sysdig In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig, rated #1 for CSPM in the Gartner Peer Insights “Voice of a Customer” report, correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation.

Sysdig. Secure Every Second.