Docker logo

Docker makes spinning up containers a breeze. But how do you know if a container pulled from Docker Hub contains backdoors or malware? Docker’s Verified Publisher initiative addresses that very concern.

Popularity Makes You a Target

Cybercriminals like nothing more than easy routes to victims’ machines and, needless to say, the more the merrier. If a product or platform becomes hugely popular, you can bet that it catches the attention of the threat actors who will try to leverage that success to their advantage.

Docker is a world leader in containerization. For many people, it’s the first name that springs to mind when containers are mentioned. Containers allow developers to wrap an application and its dependencies in a self-contained package called an image. This makes distributing the package easier because everything that’s required to run the application is contained inside the image. There are never unmet dependencies, regardless of what machine the container is running on.

Containers can be thought of as minimalist virtual machines. If they’re providing an application, they don’t need an operating system inside the container. They just need the application’s dependencies. This reduces the size of the images and gives performance boosts when the container is running. The contents of the container run on the host computer’s operating system, isolated from other processes.

Because there are fewer things inside a container requiring resources and computational power compared to a virtual machine, they can run on more modest hardware. That means you can have more of them running on a single piece of hardware, with good performance, than you can on traditional virtual machines. Even containers that are built to provide different Linux distributions are just filesystem snapshots of the distribution. They are run using the kernel of the host computer.

Much of the technology and applications inside containers are open source. This means that they can be freely distributed and used by anyone. Docker containers allow you to adopt the maxim that servers should be treated like cattle, not pets. The benefits of containers have not only driven the widespread adoption of continuous integration and continuous deployment (CI/CD), they have also enabled it.

Mirantis bought Docker in November of 2019. At that time, Docker Enterprise was used by 30% of the Fortune 100 and 20% of the Global 500. Today, the Docker Hub services a mind-blowing 13 billion image pulls—container downloads—per month from nearly 8 million repositories.

Those figures are far too impressive for cybercriminals to ignore. What could be simpler than creating compromised and malicious images, uploading them to Docker Hub, and waiting for unsuspecting users to download and use them?

RELATED: What Does Docker Do, and When Should You Use It?

The Problem with Insecure Images

There’s an inherent problem with pulling images from a repository and using them. You don’t know if they’ve been created with security in mind, or if the software components inside the container are the current versions and still within their supported life cycle. Have they had all available bug fixes and security patches applied to them? Or worse, do they contain malicious code that has been deliberately planted by threat actors?

Docker faces a similar problem to Apple and Google. Apple and Google have to try to police the App Store and Google Play for malicious apps. Docker is taking a slightly different approach. Docker removes container images that are found to be malicious. It’s also providing a verification scheme for container publishers.

In the past, Docker removed a collection of images that were uploaded by the Docker account docker123321. There were 17 or so containers from this single account that contained malicious code. The images were offered as innocent containers supporting apps such as Apache Tomcat and MySQL, but in addition, the containers harbored code that provided reverse SSH shells to the attackers, allowing them to access the containers whenever it suited them.

Python reverse shells and Bash reverse shells were found, and one container even contained the threat actor’s SSH key. This gave them remote access without the need for a password. Other containers were found to host cryptomining software. This meant that the containers were cryptojacked ahead of time. The unsuspecting user would be paying for the electricity and losing processing power to fund the cybercriminal’s Monero cryptomining.

These attacks are a blend of Trojan horse and supply chain attacks.

RELATED: How the Linux Foundation's Software Signing Combats Supply Chain Attacks

The Verified Publisher Program

Docker already provides a collection of container images known as the Official Images. These images are a curated set of containers that have been reviewed by a dedicated Docker team.

The team collaborates with the upstream maintainers and providers of the software in the containers. The Official Images are examples of Docker container best practices, including clear documentation and the application of security patches. Docker Official Images have recently been available to a wider audience through more repositories.

The Verified Publisher initiative provides access to Docker content that’s differentiated by coming from known, verified, and trusted providers. There are over 200 software vendors signed up and ratified by the scheme, and the numbers are rising quickly. Images from verified publishers can be used with high confidence in mission-critical applications and infrastructure.

The Verified Publisher and Official Images programs are complementary schemes. Many of the container images that are provided by Verified Publishers will also be Official Images. A pair of checkboxes on the Docker Hub Explore page lets you specify that the search results are constrained to include Official Images, images provided by Verified Publishers, or both.

Verified Publishers and Official Images checkboxes on Docker Hub

A Welcome Initiative

The SolarWinds and CodeCov attacks have shown just how effective supply-chain attacks can be. Attacking a central point that then compromises downstream consumers of products and services is an efficient distribution method. Compromised containers are a perfect way to distribute this type of attack. It plays on the belief that certain sources of information and software are inherently safe and can be trusted. And generally, that’s the case. But as we’ve seen, it’s a big assumption.

It’s vital that organizations are clear about the provenance and integrity of containers that they pull back from repositories. Official Images and Verified Publishers can be thought of as a form of certification that makes it easier to know what can be trusted right out of the box.

If you make Docker images that are publicly available, and you think that becoming a Verified Publisher will be advantageous to you, you can start the process of applying to be in the scheme on the Verified Publisher web page.

RELATED: Codecov Hacked! What To Do Now if You Use Codecov

Profile Photo for Dave McKay Dave McKay
Dave McKay first used computers when punched paper tape was in vogue, and he has been programming ever since. After over 30 years in the IT industry, he is now a full-time technology journalist. During his career, he has worked as a freelance programmer, manager of an international software development team, an IT services project manager, and, most recently, as a Data Protection Officer. His writing has been published by,,, and Dave is a Linux evangelist and open source advocate.
Read Full Bio »