A Decade of Docker: What the Data Actually Shows

MAR 08 | DEV | 3 MIN READ

Docker turned ten in 2023, and an ACM research paper now provides longitudinal data on what a decade of container adoption actually looked like. The study examined millions of images on Docker Hub alongside CI pipeline data and production deployment patterns, generating the first large-scale empirical view of how containerization evolved from a developer tool into the default deployment primitive for cloud-native software. The findings are a mix of expected trends and uncomfortable numbers that anyone running containers in 2026 should look at.

Image Hygiene and Abandoned Containers

The most striking finding concerns image hygiene. The vast majority of public Docker images on Docker Hub are effectively abandoned shortly after creation. For non-official images, a significant proportion are never updated after their initial push — meaning frozen dependencies and frozen vulnerabilities. Container runtimes do not force updates. Nothing prompts a rebuild just because the underlying packages have received security patches. The research makes clear this is not a marginal issue: stale images represent a substantial portion of what organizations actually run in production.

Base Images Got Smaller, Security Did Not

Base image selection shows a more encouraging trend. The industry has moved toward smaller, more minimal base images over the decade. Alpine and distroless variants have gained ground at the expense of full Debian and Ubuntu images, and the FROM scratch pattern is now mainstream for stateless services. The research shows this shift happened unevenly: individual developers adopted minimal base images years before enterprises did, and legacy internal images show almost no movement toward minimization even a decade in.

Security findings are harder to spin positively. A consistent pattern across the dataset shows that a substantial share of production containers ran as root even as tooling to prevent this became standard practice. Dockerfile HEALTHCHECK instructions, capability dropping, and explicit non-root user declarations remain underutilized relative to their availability in the ecosystem. The gap between what container security tooling recommends and what production images actually do has narrowed but remains wide. Security posture in containerized environments lags significantly behind what the tooling makes possible.

Kubernetes Won the Orchestration Wars

Orchestration, by contrast, consolidated faster than most predictions. By 2020 the container orchestration wars were functionally over. Docker Swarm, Nomad, and Mesos retained specific niches, but Kubernetes became the dominant runtime for containerized workloads at scale. The decade from 2013 to 2023 moved containers from a novelty at PyCon to infrastructure default.

What Teams Should Do in 2026

For teams running containers in 2026, the decade of data points toward three actions: establish an automated base image update cadence rather than relying on manual discipline, enforce non-root container execution as a pipeline requirement rather than a recommendation, and treat your Dockerfile with the same review rigor as the application it ships. The research shows what happens when those practices are skipped at scale, and the answer is not encouraging.
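One way to turn the non-root requirement into a pipeline gate is a small Dockerfile audit that fails the build. This is an added example, not code from the study: the finding labels and sample Dockerfiles are constructed, and it assumes the policy is an explicit non-root USER and a HEALTHCHECK in the final stage (it does not resolve ARG variables or heredocs).

```python
import sys

def logical_lines(text):
    """Yield Dockerfile instructions with backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines are skipped, even mid-continuation
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def audit(text):
    """Return findings for the final stage; earlier build stages do not ship."""
    stages, names = [], {}
    for line in logical_lines(text):
        instr, arg = (line.split(None, 1) + [""])[:2]
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":
            tokens = [t for t in arg.split() if not t.startswith("--")]
            parent = names.get(tokens[0].lower()) if tokens else None
            # A stage built FROM an earlier stage inherits its USER and HEALTHCHECK.
            stage = dict(stages[parent]) if parent is not None else {"user": None, "health": False}
            if len(tokens) == 3 and tokens[1].upper() == "AS":
                names[tokens[2].lower()] = len(stages)
            stages.append(stage)
        elif stages and instr == "USER":
            stages[-1]["user"] = arg  # the last USER in a stage wins
        elif stages and instr == "HEALTHCHECK":
            stages[-1]["health"] = arg.upper() != "NONE"
    if not stages:
        return ["no-from"]
    final, findings = stages[-1], []
    if final["user"] is None:
        findings.append("no-explicit-user")  # falls back to the base image default
    elif final["user"].split(":")[0] in ("root", "0"):
        findings.append("runs-as-root")
    if not final["health"]:
        findings.append("no-healthcheck")
    return findings

# Constructed samples: BAD sets USER only in the discarded build stage.
BAD = "FROM golang:1.22 AS build\nUSER nobody\nFROM alpine:3.20\nCOPY --from=build /app /app\n"
GOOD = r"""
FROM alpine:3.20 AS base
USER 10001:10001
HEALTHCHECK --interval=30s \
  CMD wget -qO- http://127.0.0.1:8080/healthz || exit 1
FROM base
USER 0
RUN apk add --no-cache ca-certificates
USER 10001:10001
"""

if __name__ == "__main__":
    found = audit(open(sys.argv[1]).read())
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

Run it against each Dockerfile path in CI; a non-zero exit blocks the merge.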

KEY POINTS:

- ACM study covers 10 years of Docker adoption across millions of images
- A significant proportion of non-official Docker Hub images are never updated after initial push
- Base image trend: Alpine and distroless gained ground at the expense of Debian/Ubuntu over the decade
- Significant share of production containers still run as root in 2023
- Kubernetes won the orchestration wars by 2020; alternatives retained only niches
- Security tooling improvements not reflected in actual production image posture
- Shift to minimal base images happened years earlier among individual developers than in enterprises