Docker Hub presents multiple barriers to entry for Scout integration, resulting in an ecosystem that’s a lot less secure than it should be.
- The Docker Team pricing tier lacks support for personal Docker Hub orgs.
- Contributors who maintain three or more images can’t integrate with the Scout dashboard. FOSS contributors are being punished for being prolific. A better threshold between FOSS and enterprise would be based on total storage space, measured in TB. Bad actors can currently spam the free tier with 2 large repositories, while coders acting in good faith are penalized even for small, optimized images. This encourages antipatterns such as misusing tags to publish unrelated images under the same title.
- The Docker Hub and Scout dashboard web UIs have bad UX. Docker Hub’s Settings tab presents a “recommended” option at the top that is not free. This is a bad experience for FOSS development. Worse, trying to follow the recommended option often triggers bad validation logic in the Scout dashboard. That is, selecting 3+ images to enable scan integration mysteriously fails.