Roger Light
unread,Nov 18, 2021, 5:50:00 PM11/18/21Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to wg-securing-critical-projects
Hello,
I'm not sure I've seen docker pull counts as a possible metric for
identifying critical projects before, so thought I would share some
data. The attached file contains a list of docker "official images"
that have had more than 100 million total pulls, and their pull
counts.
The official images program is a curated set of project docker images
that are intended to be trustworthy images for general use. There is a
certain level of expectation in the documentation that official images
are of general interest/notable in some way but I don't know to what
level that is enforced.
There are flaws to this data, I don't believe that the overall numbers
of pull counts are entirely meaningful in their own right, but are
probably ok as relative measures to one another. It won't typically
include projects that only produce a library, for example. It also
only considers the official-images projects so is looking at a very
small sample of docker images.
I hope it is nevertheless of some interest.
Regards,
Roger