by Doubleslash 1303 days ago
The segmentation into attack vectors is interesting. But images from individuals on something like DockerHub have always been untrusted. I expected to read here about recent compromised official DockerHub library images.

I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.

Users should limit their container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.
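The point about `joomla` versus `vesnpsexga/joomla` turns on how the runtime expands short image names: a bare name resolves to the official `docker.io/library/` namespace, while a `user/name` reference resolves to that user's namespace on Docker Hub. The following is an added example, not code from the comment or from any registry project, that normalizes a reference the way docker/podman do and checks it against the pull policy the comment suggests (official library images plus a hand-selected allowlist). The allowlist entry and the sample references are constructed for illustration.

```python
"""Normalize container image references and enforce a pull allowlist.

Added example: short names expand to docker.io/library/<name>, so a
policy of "docker.io/library plus hand-picked repositories" can be
checked on the normalized reference rather than on the raw string.
"""
from typing import NamedTuple


class ImageRef(NamedTuple):
    registry: str
    repository: str  # namespace/name, e.g. library/joomla
    tag: str         # "" when pinned by digest only
    digest: str      # "" when no digest


def normalize(ref: str) -> ImageRef:
    """Expand a reference: 'joomla' -> docker.io/library/joomla:latest."""
    digest = ""
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    parts = ref.split("/")
    # A first path component containing '.' or ':' (or 'localhost') is a
    # registry host; otherwise the runtime defaults to docker.io.
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        registry, path = parts[0], "/".join(parts[1:])
    else:
        registry, path = "docker.io", "/".join(parts)
    if registry == "index.docker.io":
        registry = "docker.io"
    # Docker Hub short names without a namespace live under library/.
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    # The registry host has been stripped, so any ':' left is the tag.
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    else:
        tag = "" if digest else "latest"
    return ImageRef(registry, path, tag, digest)


# Constructed policy: official Docker Hub library images are allowed,
# plus an explicit allowlist of hand-selected repositories elsewhere.
ALLOWED_PREFIXES = ("docker.io/library/",)
ALLOWED_REPOS = {"quay.io/prometheus/node-exporter"}  # assumption: example entry


def is_allowed(ref: str) -> bool:
    """True if the normalized reference matches the pull policy."""
    r = normalize(ref)
    full = f"{r.registry}/{r.repository}"
    return full.startswith(ALLOWED_PREFIXES) or full in ALLOWED_REPOS


def check_pulls(refs: list) -> dict:
    """Map each raw reference to (normalized form, allowed?)."""
    out = {}
    for ref in refs:
        r = normalize(ref)
        out[ref] = (f"{r.registry}/{r.repository}", is_allowed(ref))
    return out


if __name__ == "__main__":
    # Constructed sample references, including the two from the thread.
    for ref, (full, ok) in check_pulls([
        "joomla",
        "vesnpsexga/joomla",
        "ubuntu:22.04",
        "nginx@sha256:0000000000000000000000000000000000000000000000000000000000000000",
        "quay.io/prometheus/node-exporter:v1.6.0",
        "quay.io/someone/node-exporter",
        "localhost:5000/internal/app:1.2",
    ]):
        print(f"{'ALLOW' if ok else 'DENY '} {ref:75s} -> {full}")
```

The same normalization is what `docker pull` and `podman pull` apply before contacting a registry, which is why an unqualified `joomla` is the official image and anything with a namespace in front of it is not. In practice this check belongs in the runtime configuration (podman's registries.conf, a registry mirror, or an admission policy) rather than in a script; the script only shows what the runtime resolves.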

2 comments

I can only assume these links are shared with malicious intent rather than found via docker search.
Do you have any recommendations for pull-thru caching? I'm currently going through this issue as we speak and am very interested in having this work for our use case.