docker

Packaging and running applications in containerized environments involves authoring Dockerfiles, building layered images, managing registries and container lifecycle, and using networking/volume primitives to deploy portable, isolated workloads on hosts or orchestrators like Kubernetes.

docker

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

Docker under Siege: Securing Containers in the Modern Era

Feb 25, 2025
GT
Gogulakrishnan Thiyagarajan
🏛️ Cisco Systems Inc | Sri Sri University

Containerization enhances operational efficiency but intensifies multidimensional security challenges—including runtime protection, network isolation, configuration compliance, software supply chain security, and monitoring-response capabilities. To address these, this paper proposes a five-dimensional collaborative governance model for production-grade container security, deeply integrating DevSecOps across the entire lifecycle and transcending traditional perimeter-based defense paradigms. Methodologically, the model unifies eBPF-based real-time runtime detection, OCI image signature verification, SBOM-driven supply chain auditing, zero-trust network policy enforcement, and a tightly coupled Prometheus–Falco incident response mechanism. Evaluated on mainstream cloud-native platforms, the approach reduces critical misconfigurations by 92%, shortens mean vulnerability response time to 3.7 minutes, and enables construction of a CNCF Sig-Security-certified hardened baseline—delivering a practical, layered defense framework for containerized environments.

Addresses vulnerabilities in runtime, network, and supply chainInvestigates security challenges in Docker containerizationProposes SDLC-integrated solutions for resilient container security

Using Containers to Speed Up Development, to Run Integration Tests and to Teach About Distributed Systems

Jul 28, 2025
MM
Marco Mambelli
🏛️ Fermi National Accelerator Laboratory

To address the challenges of difficult development and debugging, complex integration testing environments, and high pedagogical barriers in the GlideinWMS distributed system, this paper proposes the “Workspace Container” methodology—a unified, lightweight, containerized environment for development and education. Built upon a multi-container architecture—including Factory, Frontend, compute nodes, and batch systems—it integrates Docker and VS Code to enable one-click local deployment, offline debugging, and seamless IDE collaboration. The key contribution lies in abstracting development, testing, and teaching workflows into reusable, composable, standardized container units, thereby substantially reducing onboarding overhead for new users. Empirical validation across multiple workshops confirms that the full system runs efficiently on commodity laptops, accelerates development and debugging cycles, and significantly improves instructional interactivity and experimental reproducibility.

Enable hands-on experience with distributed systems in workshopsSimplify training and onboarding for new team membersSpeed up development and testing using container workspaces

Containerization in Multi-Cloud Environment: Roles, Strategies, Challenges, and Solutions for Effective Implementation

Mar 01, 2024
MW
Muhammad Waseem
🏛️ Tampere University | Lancaster University | Wuhan University | Lappeenranta-Lahti University of Technology | University of Oulu | TietoEVRY Oy | Solita Oy | University of Jyväskylä

Research on containerization in multi-cloud environments remains fragmented, lacking a systematic, up-to-date synthesis. Method: We conduct a Systematic Mapping Study (SMS) spanning 2013–2024, analyzing 121 high-quality publications through bibliometric analysis, thematic coding, and ISO/IEC 25010 quality attribute modeling. Contribution/Results: We propose the first four-level classification framework—“Theme–Strategy–Quality Attribute–Tactic”—identifying four core research themes, 98 implementation strategies, 10 critical quality attributes, and 47 corresponding architectural tactics. Innovatively, we introduce a two-dimensional challenge-solution taxonomy organized along Security, Automation, Deployment, and Monitoring dimensions. This yields the first structured, reusable landscape of multi-cloud containerization, bridging theoretical research and industrial practice by supporting architecture design and technology selection—thereby addressing a longstanding gap in systematic knowledge integration for this domain.

Challenges and SolutionsCloud EnvironmentsContainer Technology

Resource Management Schemes for Cloud-Native Platforms with Computing Containers of Docker and Kubernetes

Oct 20, 2020
YM
Ying Mao
🏛️ Fordham University | Dublin City University | Wageningen University

This study addresses prolonged task completion times, low resource utilization, and high resource release latency in Docker/Kubernetes containers on cloud-native platforms running compute-intensive workloads (e.g., big data and deep learning). We systematically evaluate the performance impact of diverse resource scheduling strategies through system-level monitoring—leveraging cgroups and metrics-server—and multi-workload stress testing. For the first time, we empirically quantify how key resource configurations significantly affect task completion time (±79.4% variation) and resource release latency (+116.7% degradation). Based on these findings, we propose an evidence-driven configuration optimization paradigm that reduces maximum task completion time by up to 79.4% and precisely identifies configuration bottlenecks responsible for latency. Our results provide reproducible, transferable empirical foundations for resource management tuning and deployment decisions in cloud-native environments.

Analyzing system overhead and resource usage in cloud-native environmentsEvaluating performance of big data and deep learning applicationsInvestigating resource management schemes for Docker and Kubernetes platforms

Although Docker is widely assumed to ensure reproducibility of software environments, its practical efficacy remains insufficiently validated. This study presents the first systematic investigation combining a literature review with large-scale empirical analysis of 5,298 real-world GitHub projects. By reconstructing Docker images, performing differential comparisons, and mining workflow patterns, we quantitatively assess the reproducibility of Docker builds and the effectiveness of recommended best practices. Our findings reveal that a significant proportion of Docker builds are not reproducible, and existing best practices offer limited improvements in practice. These results challenge the prevailing assumption that “containers guarantee reproducibility” and provide empirical evidence and actionable insights for enhancing reproducibility in computational research.

containerizationDockerimage building

Latest Papers

What's happening recently
View more

Existing container solutions for resource-constrained microcontrollers lack runtime dynamic configurability, making them ill-suited for multi-tenant scenarios in dynamic heterogeneous environments. This work proposes and implements a lightweight container runtime middleware that, for the first time, enables container-granularity dynamic scheduling and fine-grained resource access control on Cortex-M microcontrollers. The system employs a metadata-driven architecture and a runtime abstraction layer, ensuring compatibility with execution environments such as RIOT OS and integrating WebAssembly via WAMR. Experimental results on mainstream IoT development boards demonstrate that container-to-host service invocation incurs less than 4 ms of overhead. Furthermore, the system successfully validates a novel application paradigm in TinyML contexts, where native RTOS executes inference while containers retain model weights.

constrained devicescontainerizationmulti-tenant microcontrollers

This work addresses the inefficiencies of traditional container images, which require separate builds for each target platform—leading to substantial storage and network overheads and complex maintenance, particularly for cross-platform machine learning applications in Python or R. To overcome these limitations, the authors propose a lazy-build approach featuring a novel intermediate representation format, CIR, which encapsulates only direct application dependency identifiers and defers platform-specific adaptation until deployment. At runtime, a lazy-builder dynamically assembles the complete dependency stack, effectively decoupling application code from the underlying execution environment. This design significantly streamlines multi-platform deployment workflows. Experimental results demonstrate that CIR-based images reduce image size by up to 95% compared to conventional approaches and accelerate deployment by 40–60%, outperforming mainstream container systems such as Docker, Buildah, and Apptainer.

container imagecross-platform deploymentheterogeneous infrastructure

Runnable Directories: The Solution to the Monorepo vs. Multi-repo Debate

Dec 03, 2025
SG
Shayan Ghasemnezhad
🏛️ Causify AI

Modern software systems face a codebase organization dilemma: monorepos ensure consistency but suffer from poor scalability and complex toolchains, whereas multi-repos improve modularity at the cost of increased dependency coordination and integration overhead. To address this, we propose Causify Dev—a novel development system introducing the “Runnable Directory” paradigm, wherein each directory functions as an isolated, self-contained execution unit with its own dependencies and full lifecycle management. Leveraging lightweight unified development environments and containerized workflows—built on Docker, standardized CI/CD pipelines, and shared utility libraries—the system achieves end-to-end decoupled collaboration while preserving monorepo-level consistency and multi-repo-style modularity. Empirical evaluation demonstrates that Causify Dev significantly enhances reliability, maintainability, and engineering scalability for large-scale codebases, while simultaneously reducing toolchain complexity and cross-team coordination costs.

Addresses monorepo scalability and multi-repo coordination trade-offsIntroduces runnable directories for self-contained executable unitsProvides a hybrid approach to improve codebase reliability and maintainability

This work proposes CODECO, a framework designed to address the challenges of traditional centralized Kubernetes in federated edge environments, where heterogeneous infrastructure, device mobility, and multi-provider collaboration are prevalent. CODECO enables edge autonomy while preserving global consistency through co-orchestration of data, computation, and networking. It integrates a semantic application model, a partitioned federation mechanism, AI-driven scheduling decisions, and a hybrid governance model. Built upon an extended Kubernetes architecture, CODECO supports context-aware microservice deployment and adaptive management. The framework’s efficacy in orchestrating applications across complex federated edge-cloud scenarios is validated through a reproducible experimental platform, demonstrating its capability to efficiently manage dynamic and heterogeneous edge environments.

Edge-CloudFederated OrchestrationHeterogeneous Infrastructure

This paper addresses the challenge of balancing security and functional availability in container security policy enforcement. We propose an environment-aware, automated policy generation method that leverages eBPF-based kernel monitoring and multi-environment dynamic analysis to faithfully reconstruct runtime contexts—thereby uncovering implicit execution paths missed by conventional static or lightweight analysis. Our approach introduces a dual-dimension scoring mechanism (security vs. functionality) and a heuristic environment exploration strategy to enable customizable policy optimization. Evaluation across the Top 15 containers shows that our method identifies 16.5% more system calls on average than baseline approaches, covers 45 known vulnerability-related risks, and successfully blocks exploitation attempts for two representative vulnerabilities—CVE-2022-23648 and CVE-2023-2728—demonstrating substantial attack surface reduction.

Automates container security policy generation using dynamic analysisBalances security and functionality through scoring system callsIdentifies hidden execution paths to enhance container vulnerability protection

Hot Scholars

SZ

Stefano Zacchiroli

LTCI, Télécom Paris, Polytechnique Institute of Paris, France
software engineeringopen source softwaredigital commonscomputer security
MM

Meriem Mastouri

University of Michigan-Flint
Software EngineeringAI for SESoftware qualityRefactoring
PL

Phil Legg

Professor in Cyber Security, University of the West of England
cyber securitymachine learningvisual analytics