How much are you 'trusting' a docker image from hub.docker.com?

This page summarizes the projects mentioned and recommended in the original post on /r/docker
html5-speedtest zero-trust Speedtest web-worker Xhr

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • speedtest

    Self-hosted Speed Test for HTML5 and more. Easy setup, examples, configurable, mobile friendly. Supports PHP, Node, Multiple servers, and more

    In this particular instance though, adolfintel appears to be the developer of Librespeed. The official documentation in that GitHub repo points to that docker image by adolfintel. Therefore, it counts as the official docker image in my book.

  • cosign

    Code signing and transparency for containers and binaries

    Another thing to look for is, whether the image is signed using something like cosign (https://github.com/sigstore/cosign). This lets the publisher digitally sign the image, so you at least know that what's on the registry is what they intended to put there. Handy to avoid the risks of attackers squatting similar names and catching typos.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts