Security - Only Upload DockerFile - DockerHub to build Image

steaton123 · February 13, 2019, 6:29am

As a security measure to ensure that viruses and compromised images cannot be downloaded from DockerHub, I thought it would be a good idea if contributors only uploaded the DockerFile. DockerHub could then be responsible for running the DockerFile to create the image.

In this way, we would always have the DockerFile and we would know that the image was created using that DockerFile and therefore a security audit of the images would be easy and secure.

What do you think?

steaton123 · March 6, 2019, 1:19pm

Do you know if images get built from the attached git repo by DockerHub or do you upload the image in such a way that it could be different than what is in the repo?

Topic		Replies	Views
Security: Side effects of building a Docker Image? General security , docker , build	1	1011	November 27, 2018
Publish an image to github with rsa keypairs, what are the security risks? (NOT PRODUCTION) General	0	870	October 3, 2015
How to upload my Dockerfile to docker hub? General dockerhub	4	24479	June 2, 2019
Question: Will docker compose have any security issues? General dockerhub , docker , build	0	448	September 16, 2020
Why docker push stores the whole image? General docker	1	508	August 23, 2021

Security - Only Upload DockerFile - DockerHub to build Image

Related topics