Helm Charts for Kubernetes Applications: Evolution, Outdatedness and Security Risks

Research output: Chapter in Book/Report/Conference proceedingConference paper

105 Downloads (Pure)

Abstract

Using Kubernetes for the deployment, management and scaling of containerized applications has become a common practice. To facilitate the installation and management of these applications, practitioners can use the Helm package manager to assemble their configuration files into charts. The latter are reusable packages of pre-configured Kubernetes resources that can be deployed as a unit. In this paper, we aim to support chart developers and users by carrying out a comprehensive study on publicly available charts. For 9,482 charts that are distributed via the Artifact Hub repository, we mine and collect the list of their metadata, versions, dependencies, maintainers and container images. Then, we carry out an empirical analysis to assess the state and evolution of charts, as well as the outdatedness and security risks of their images. We found that the ecosystem forming around Helm charts is growing fast. However, most of the charts are not official with no popularity and no license. We also observed that charts tend to release multiple versions, but around half of them are still in the initial development phase. When looking at the container images used in charts, we found that around half of them are outdated and 88.1% of them are exposed to vulnerabilities, jeopardizing 93.7% of the charts.
Original languageEnglish
Title of host publicationProceedings of the 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR 2023)
PublisherIEEE
Pages523-533
Number of pages11
ISBN (Electronic)979-8-3503-1184-6
DOIs
Publication statusPublished - 15 May 2023
Event20th International Conference on Mining Software Repositories - Melbourne Convention Exhibition Center, Melbourne, Australia
Duration: 15 May 202316 May 2023
https://conf.researchr.org/home/msr-2023

Publication series

NameProceedings - 2023 IEEE/ACM 20th International Conference on Mining Software Repositories, MSR 2023

Conference

Conference20th International Conference on Mining Software Repositories
Abbreviated titleMSR 2023
Country/TerritoryAustralia
CityMelbourne
Period15/05/2316/05/23
Internet address

Bibliographical note

Funding Information:
This research was partially funded by the “Cybersecurity Initiative Flanders” project and the Research Foundation Flanders (FWO) under Grant No. 1SD4321N.

Publisher Copyright:
© 2023 IEEE.

Copyright:
Copyright 2023 Elsevier B.V., All rights reserved.

Keywords

  • Kubernetes
  • Helm
  • Software Ecosystem
  • Infrastructure as code
  • Evolution
  • Security

Fingerprint

Dive into the research topics of 'Helm Charts for Kubernetes Applications: Evolution, Outdatedness and Security Risks'. Together they form a unique fingerprint.

Cite this