Docker Hub 是存放、分享 Docker Image 的地方,但是隨著 Docker Image 的數量越來越多,有很多會都有安全 性問題 (例如:超過400天沒有更新的套件),要使用的時候,需要多加注意。
Docker Hub 有很多 Docker Image 可能有安全性問題
Docker Hub 的 Image 要使用的話,我通常都會挑 Official image 來使用,而且要使用的時候,還要多注意更新的日期,避開太久沒更新的 Image。
Docker Hub 的套件有四種分類:(安全程度也是由低到高排序)
- Community:可以由任何人上傳,若要使用這個,請特別小心使用
- Verified:由 Docker 技術夥伴來驗證安全性
- Certified:企業會定時掃描這些 Image
- Official:Docker 官方有專門部門來處理 (盡量挑這種的)
相關資料:Official Images on Docker Hub | Docker Documentation
- Docker Hub classifies images in four categories: Community, Verified, Certified, and Official.
- Community images can come from anyone – all you need is a DockerID.
- Verified images come from entities enrolled in Docker Technology Partner program, which verifies that publisher is the source of the content.
- Certified images receive even greater scrutiny – intended for enterprise customers, they're supposed to follow recommended best practices, pass a functional API test suite, and complete a vulnerability scanning assessment.
- Official images, which provide base operating system repositories and similar resources, get vetted by a dedicated team at Docker.
