Sysdig's Third Annual Container Usage Report Reveals that Container Lifespan has been Cut in Half

SAN FRANCISCO, Oct. 29, 2019 – Sysdig, Inc., the secure DevOps leader, announced today findings from its Sysdig 2019 Container Usage Report. Using real-world usage data, the annual report reveals how Sysdig customers from a broad cross-section of vertical industries and companies are using more than two million containers in real time. For the third year in a row, the Sysdig report found that container usage has grown in scale and complexity, and doubled in density. As container technologies continue to transform how organizations deliver applications, it is important for enterprises to understand how to securely operate container workloads in production and take steps to prepare for the massive growth expected. 

Download the full Sysdig 2019 Container Usage Report here.

New to the report this year, Sysdig has incorporated additional data sources to dig deeper into Kubernetes security threats and compliance violations. The report includes the ten most common runtime security violations, with the most frequent issue being an attempt to alter files, a possible indication of an attempt to access sensitive configurations or install malware. The report also lists the most common Center for Internet Security (CIS) Docker Benchmark violations. 

The 2019 Sysdig report investigates the most popular open source technologies used in production, the most common alert conditions, the most popular container registries, and Kubernetes usage trends, among other data points. Many of the largest companies rely on Sysdig for cloud-native security and visibility, which uniquely positions Sysdig to understand the state of cloud-native adoption. 

Highlights from the report

50% of containers live less than five minutes
This is a dramatic change from last year, when only 20% of containers lived less than five minutes. Many containers need to live only long enough to execute a function and then terminate when complete. The broader adoption of batch data processing with Kubernetes Jobs and serverless frameworks on Kubernetes has contributed to the growth of short-lived containers. The ephemeral nature of containers is one of the technology's unique advantages, yet at the same time can be a challenge in managing issues around security, health, and performance. This reaffirms the fact that enterprises need detailed auditing and forensics tools.

Known vulnerabilities identified in 52% of images scanned by Sysdig

Sysdig also found that 40% of Sysdig customer images are from public sources. Considering less than one percent of Docker Hub images are certified trustworthy, using publicly sourced images exposes enterprises to risk. Enterprises need to embed security into the CI/CD pipeline, including scanning during the build phase, as well as checking for new vulnerabilities at runtime.

Containers-per-host density increases 100%

Over the past year, the median number of containers per host doubled to 30, indicating a growth in the number of applications being transitioned to cloud-native infrastructure and an increase in compute "horsepower," which has enabled more containers to run on each node.

Use of Prometheus metrics increases 130% 

Year-over-year, Prometheus metric use grew 130% across Sysdig customers, increasing to 46%. As the use of new programming frameworks expands, alternatives like JMX metrics (for Java applications) and StatsD are diminishing, down 45% and 17% respectively. Prometheus has been widely adopted as a metric standard in projects like Kubernetes, OpenShift, and Istio. In addition, an increasing number of "exporters" are available to provide metrics for a wide range of third-party applications and services. The increased volume of containers and hosts drives the need for tools like Sysdig Monitor that enable Prometheus monitoring at scale across clusters and clouds.

11% of customers are operating in multi-cloud

Multi-cloud is here thanks to Kubernetes. Eleven percent of Sysdig customers operate containers across more than one public cloud. Because of Kubernetes, which has been cemented as the de facto operating system of the cloud, enterprises do not have to fear vendor lock-in and are able to make multi-cloud a reality.

Go and Node.js overtake Java as top cloud application frameworks

There are clear winners for programming languages and frameworks. Go and Node.js, neither of which made the top 10 list last year, overtook Java as the top cloud app frameworks. Java has long been one of the most prominent programming languages, but newer options like Go, created by Google engineers, have gained favor in part because of their ease of use.

"With container density doubling since our last report, it's evident that the rate of adoption is accelerating as usage matures. With that said, containers are black boxes that work well as application building blocks, but they are invisible to conventional security and visibility tools," said Suresh Vasudevan, Sysdig Chief Executive Officer. "With this report, we hope to educate enterprises on existing challenges and how to run cloud-native environments in production, which should include a secure DevOps approach."

About Sysdig

Sysdig enables companies to confidently run cloud-native workloads in production. With the Sysdig Secure DevOps Platform, cloud teams embed security, maximize availability, and validate compliance. The Sysdig platform is open by design, with the scale, performance, and usability enterprises demand. The largest companies rely on Sysdig for cloud-native security and visibility. Learn more at

Media Contact

Amanda McKinney, 280blue, Inc.