Security practices on Docker Hub

  1. Official Images on Docker Hub

    1. Docker, Inc. sponsors a dedicated team that is responsible for reviewing and publishing all content in the Official Images. This team works in collaboration with upstream software maintainers, security experts, and the broader Docker community.
    2. The Official Images team, with help from community contributors, formally reviews each proposal and provides feedback to the author. This initial review process may require a bit of back-and-forth before the proposal is accepted.
    3. Each image in the Official Images is scanned for vulnerabilities. (?)
  2. Docker Enterprise: Scan images for vulnerabilities

    1. View security scan results

      1. Layers
      2. Components
  3. WhiteSource: Docker Image Security Scanning: What It Can and Can’t Do
  4. BanzaiCloud: Vulnerability scans on Kubernetes with Pipeline

    1. Over 80% of the latest versions of official images publicly available on Docker Hub contained at least one high-severity vulnerability!
    2. Backdoored images downloaded 5 million times finally removed from Docker Hub