Docker Image Security
This cluster focuses on security vulnerabilities like CVEs in Docker container images, including issues with base OS packages, update challenges, scanning tools, and best practices for using official or hardened images.
Sample Comments
They are not really problems. Your vendor should roll you new images when the software running in your container poses a security risk. You always have to trust your vendor. And if you don't, you can always roll your own docker images using the Dockerfile in their GitHub repo.
Related: A Safer Container Ecosystem with Docker: Free Docker Hardened Images https://news.ycombinator.com/item?id=46302337
Containers are not good for security updates. Docker also adds a big attack surface.
It's a sneaky supply chain threat for docker images. I'm not sure standard container registry tools actively scan for this. Of course you shouldn't be running random untrusted docker images that you find on the internet but it happens all the time in dev envs and in sloppy production environments.
Ideally you only use Docker official images, or their equivalent, to avoid using unvetted code. It is always a trade-off; however, it is far more likely that a hacker will use a ten-year-old, well-exploited CVE rather than a recent one.
Docker doesn’t have hardened / zero CVE containers
Any particular reasons you don't trust Docker security?
There are good free/OSS container scanners. Check out Trivy. No reason not to use one.
Looks like the page is down, unfortunately. I've seen headlines like this before, but at the time a lot of the vulnerabilities were in packages that were installed on the image but were not launched, or generally not exposed. I do wish for an easy way to frequently update images though (i.e. rebuilding them from scratch, installing the latest packages). It's often hard to determine what you're including in your container.
Finally someone is shutting down the CVE noise with container images.