Read the original article: Half of all Docker Hub images have at least one critical vulnerability
A new security analysis of the 4 million container images hosted on the Docker Hub repository revealed that more than half contained at least one critical vulnerability. The review also identified thousands of images that contained malware or potentially harmful applications, highlighting the need for organizations to have strict policies and review processes in place for sourcing container images and third-party software components in general from public repositories.
Attacks that exploit the software supply chain are not new, but the growing popularity of DevOps, agile development and microservice-based software architecture powered by container technologies have fueled growth for public registries that host pre-made software components and images. In turn, this has led to attackers trying to exploit these relationships by publishing malicious code on these package repositories either directly or by compromising existing accounts.
Read the original article: Half of all Docker Hub images have at least one critical vulnerability