While usage reveals organizations are shifting left by scanning images during the build phase, DevOps teams are still leaving their environments open to attack. Sysdig has announced findings from its Sysdig 2021 Container Security and Usage Report which looks at trends, relieving a 310 percent growth in container density since 2017.

The report reveals that while 74 percent of customers are scanning before deployment, still more than half (58 percent) of containers are running as root.

These risky configurations leave easy access to potentially compromise the system and access sensitive data. This finding stresses the need for security throughout the lifecycle of a container image — fixing vulnerabilities is not enough.

Over the past three years, the median number of containers-per-host more than doubled from 15 in 2018 to 41 today, indicating a growth in efficiency and a shift in cost savings as containers mature. This reveals a continued focus on optimization.

Open source adoption is broader than just Kubernetes as organizations are shifting toward Prometheus as the standard approach to monitoring container environments. The use of Prometheus metrics among Sysdig customers grew 35 percent year-over-year.

In 2017, Docker represented 99% of containers in use at that time. Today, that number has fallen to 50 percent, a 29 percent loss since October 2019. While Docker revolutionized containers, organizations are rapidly switching to newer runtimes like containerd and CRI-O.

The ephemeral nature of containers is a unique efficiency advantage, yet it can be a challenge in managing issues around security, health, and performance. The short life of containers reaffirms the need for container-specific tools for security and monitoring.

For example, organizations need metric collection with intervals of less than 10 seconds and a detailed record of what occured when the container was alive.