It has been reported that researchers from the Norwegian University of Science and Technology (NTNU) put 2,500 Docker images from Docker Hub to the test. In a research paper, the computer security researchers describe how they used the open-source Anchore Engine security scanner and their own scripts to analyse a sample set of 2,500 Docker images. They found about 17.8 per cent (430) of the Docker images contained no known vulnerabilities, or 21.6 per cent (533) if you ignore negligible vulnerabilities.

Tim Mackey, Principal Security Strategist, Synopsys CyRC
June 17, 2020

Docker images present on Docker Hub should be treated no differently than the source code used to create them.
The Vulnerability Analysis Report highlights a known problem within the world of application containers – pulling a Docker image without knowing its full provenance opens the door to unexpected exposure to unpatched vulnerabilities. Unfortunately, the report unintentionally highlights the challenge of knowing precisely which images should be used for an application. As an example, it highlights ....
