Helm Charts for Kubernetes Applications: Evolution, Outdatedness and Security Risks

Research output: Chapter in Book/Report/Conference proceedingConference paper

15 Downloads (Pure)


Using Kubernetes for the deployment, management and scaling of containerized applications has become a common practice. To facilitate the installation and management of these applications, practitioners can use the Helm package manager to assemble their configuration files into charts. The latter are reusable packages of pre-configured Kubernetes resources that can be deployed as a unit. In this paper, we aim to support chart developers and users by carrying out a comprehensive study on publicly available charts. For 9,482 charts that are distributed via the Artifact Hub repository, we mine and collect the list of their metadata, versions, dependencies, maintainers and container images. Then, we carry out an empirical analysis to assess the state and evolution of charts, as well as the outdatedness and security risks of their images. We found that the ecosystem forming around Helm charts is growing fast. However, most of the charts are not official with no popularity and no license. We also observed that charts tend to release multiple versions, but around half of them are still in the initial development phase. When looking at the container images used in charts, we found that around half of them are outdated and 88.1% of them are exposed to vulnerabilities, jeopardizing 93.7% of the charts.
Original languageEnglish
Title of host publicationProceedings of the 2023 IEEE/ACM 20th International Conference on Mining Software Repositories (MSR 2023)
Number of pages11
ISBN (Electronic)979-8-3503-1184-6
Publication statusPublished - 15 May 2023
Event20th International Conference on Mining Software Repositories - Melbourne Convention Exhibition Center, Melbourne, Australia
Duration: 15 May 202316 May 2023


Conference20th International Conference on Mining Software Repositories
Abbreviated titleMSR 2023
Internet address


  • Kubernetes
  • Helm
  • Software Ecosystem
  • Infrastructure as code
  • Evolution
  • Security

Cite this