Hacker News new | past | comments | ask | show | jobs | submit login




The details about the actively malicious ones in there seem a lot more interesting actually. The "X% have some outdated code somewhere, we didn't test if its actually used" reports on the other hand seem to be required yearly publishing for any security company doing anything with containers...


That's why i share it.

Because people with low-level technical knowledge thinks that once everything is on Docker they're immune to lot of vulnerabilities.

So they run images without hesitation.



Is there a full list of the vulnerable images?

Presumably images from reputable vendors like alpine:latest and openjdk:jre-alpine are OK?


Yes, it can be seen and searched on https://malware.prevasio.com/

Looks like the vast majority are images that are intended to mine coins, but there are a few "normal-looking" ones in the top as well





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: