So, this has always bugged me. How do you validate a Docker container? No one wants to pull a laced up container, so there has to be a way one can check. Of course, sticking to original docker containers from Docker Hub would be one method I suppose. Is there some kind of scan one can do? I do this on my Windows computer; scan before installing. Besides looking at code that I would have no idea what is going on, what protocols do you guys use?
Docker scout might be worth a try, I also have a look for the dockerfile. Some people have a link to the git repo the image was built from, most don’t. I then do a bit of looking and if not happy, look for a different image
I briefly checked out Docker Scout. That looks very interesting. I’ll dive in here in a little bit.