Solved How safe are images on docker hub ?
-
I'm new to docker and was going to do some experimenting. I thought I'd start by seeing if I could get a Unifi controller set up in a container on a test server. I found two different images on docker hub but as far as I can tell neither is provided by Unifi itself.
That got me to wondering how safe should I consider public images such as these? Before I start using these, are there any best practices that I should consider for what to look for before running an image from an unknown source?
The two images I found for the unifi controller are these:
https://hub.docker.com/r/linuxserver/unifi-controller
https://hub.docker.com/r/jacobalberty/unifi
-
@BraswellJay we don't allow public Docker images to be loaded on our network. What we do is download any images that are needed and upload them to our own Docker registry. We use GCR on Google cloud, but you could use AWS or Azure as well. Each of those providers has vulnerability scanners built in, so anytime you upload an image, it is scanned automatically.
-
I would agree that hesitation is needed. I have no idea if any vetting goes into those at all.
-
Ubiquiti does not release a docker image for UniFi. So you simply have to take your own risks with community stuff.
-
@JaredBusch said in How safe are images on docker hub ?:
Ubiquiti does not release a docker image for UniFi. So you simply have to take your own risks with community stuff.
But there's little need. It's so easy to run the normal way.
-
Linuxserver.io images are safe and very well maintained. Some are safer (Plex for example) and better documented than official images. And since all their sources are on Github, it's easy to verify them. I run their Unifi controller at work and at home.
-
It all depends. You can inspect the layers of the images. You can also scan with trivy, snyk, etc.
You can also do what @IRJ mentioned. There’s a few ways to handle this.
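-
The steps suggested in the replies above (inspect the layers, scan with trivy, then push to your own registry) combined into one shell function, as an added example that is not part of the original thread. It assumes the `docker` and `trivy` CLIs are installed; `PRIVATE_REGISTRY`, `mirror_name` and `vet_and_mirror` are hypothetical names, and the registry path is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: vet a public image, then mirror it into a private registry.
# PRIVATE_REGISTRY is a placeholder; replace it with your GCR/ECR/ACR path.
PRIVATE_REGISTRY="${PRIVATE_REGISTRY:-registry.example.internal/mirror}"

# Map "repo:tag" to the name the image gets in the private registry.
mirror_name() {
  printf '%s/%s\n' "$PRIVATE_REGISTRY" "$1"
}

vet_and_mirror() {
  local image="$1" digest user
  docker pull "$image" >/dev/null || return 1

  # Record the immutable digest; a tag such as :latest can be repointed later.
  digest=$(docker image inspect --format '{{index .RepoDigests 0}}' "$image") || return 1
  echo "pinned: $digest"

  # Print the command behind each layer so the build steps can be reviewed
  # against the Dockerfile published in the maintainer's source repository.
  docker history --no-trunc --format '{{.CreatedBy}}' "$image"

  # Note whether the image runs as root by default.
  user=$(docker image inspect --format '{{.Config.User}}' "$image")
  echo "default user: ${user:-root (none set)}"

  # Reject the image if it has HIGH/CRITICAL findings that already have a fix.
  if ! trivy image --quiet --ignore-unfixed --severity HIGH,CRITICAL --exit-code 1 "$image"; then
    echo "rejected: $image has fixable HIGH/CRITICAL vulnerabilities" >&2
    return 2
  fi

  # Only a vetted image reaches the registry that hosts are allowed to pull from.
  docker tag "$image" "$(mirror_name "$image")" &&
    docker push "$(mirror_name "$image")"
}
```

Call it as `vet_and_mirror linuxserver/unifi-controller:latest`; a return code of 2 means the scan gate blocked the push.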