docker-hub
Safeguard articles tagged "docker-hub" — guides, analysis, and best practices for software supply chain and application security.
10 articles
Software Supply Chain Attack at Scale: npm, PyPI, and Docker Hub Hit in 48 Hours
GitGuardian documented three distinct supply-chain campaigns striking npm, PyPI, and Docker Hub inside a single 48-hour window in April 2026. The simultaneity tells you more about attacker tooling than any single payload does.
Docker Hub malicious image detection
Docker Hub's open upload model has enabled real cryptojacking and phishing campaigns — here's how attackers hide malware in images and how to detect them.
Container registries explained: Docker Hub vs private/ent...
Docker Hub vs. private/enterprise registries explained, with a look at where JFrog Artifactory fits — and why registry choice alone doesn't solve supply chain security.
Docker Hub Exposed Secrets at Scale 2024
Researchers keep finding valid AWS, GitHub, and cloud credentials baked into public Docker Hub images. What the 2024 data shows and how to stop shipping secrets.
The 2019 Docker Hub Database Breach Exposing User Credent...
In April 2019, Docker Hub exposed 190,000 accounts' credentials and GitHub/Bitbucket tokens. Here's what happened, what leaked, and why it still matters for supply chain security.
Docker Hub malicious image report
Researchers estimate roughly 3% of public Docker Hub images carry malicious payloads. Here's what's inside them, how they spread, and how to defend your pipeline.
Top vulnerable base images on Docker Hub
A look at why Docker Hub's most-pulled base images still ship hundreds of known CVEs, and how reachability analysis cuts the noise down to what's actually exploitable.
Docker Hub typosquatting of official images
Attackers are cloning popular Docker Official Images under lookalike names, tricking `docker pull` into fetching malware instead of trusted base images.
Docker Hub Rate Limit Changes and CI Impact
Docker's 2024 rate-limit reforms hit CI pipelines hard. Measured impact on 30 real build farms and the mirror and pull-through controls that fixed it.
Rate Limiting in Package Registries: Balancing Security and Developer Experience
Docker Hub's rate limits broke builds worldwide. Rate limiting is necessary for registry security, but getting it wrong disrupts entire engineering organizations.