Sysdig 2021 Container Security and Usage Report – Top Open‑Source Solutions, Metrics, and Kubernetes Trends

The Sysdig 2021 Container Security and Usage Report examines how customers run containers in production, automatically discovering processes to reveal the top open‑source solutions deployed, including NGINX, MongoDB, Postgres, Redis, Elasticsearch, Node.js, Go, Java, and RabbitMQ.

Custom metrics are dominated by Prometheus, JMX, and StatsD, with Prometheus usage climbing to 62% of customers while JMX and StatsD adoption fell 35% and 15% respectively; Prometheus exporters were ranked by GitHub activity and Docker pull counts.

Container statistics show that over half of customers run 250 or fewer containers, with a median image size of 376 MB (the largest observed at 10 GB); container density per host increased by 33% year‑over‑year.

Lifecycle analysis indicates most containers live less than a week, many images are replaced within a week, and services tend to run continuously, though a growing share of short‑lived workloads are moving toward serverless platforms.

Alert analysis identified more than 800 unique policies, with the top ten covering Kubernetes node availability; Slack leads as the most common alert channel, followed by PagerDuty and Opsgenie, and custom tag‑based alerts are increasingly used.

Kubernetes usage data reveal that most customers operate a single cluster with a modest node count, while namespace, deployment, and pod counts per cluster show slight reductions, reflecting a shift toward tighter access control and higher container density.

The report’s data stem from analysis of roughly two million containers, supplemented by public sources such as GitHub, Docker Hub, and CNCF, and conclude that cloud‑native container adoption continues to grow, security tooling remains essential, and open‑source projects like Falco, Prometheus, and Go are becoming core components of modern infrastructure.