Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021.
The more interesting question is, how many downloads do they get?
So without those numbers, I see this as largely FUD. It doesn't seem like trusted repos are getting infiltrated, so this sounds like a nothing burger. It's good that Docker removed them, but without actual evidence of harm, it just seems cosmetic.
As of this writing, I saw one comment:
I get all kinds of flak for not using Docker containers, and this is why I don't. 20% is 1 in 5 containers that cannot be trusted. I have no desire to build my own Docker containers. I would much rather spin up a VM. CPU, RAM and disk space are cheap these days.
- Throwdown
This entirely misses the point of Docker. Yeah, 1 in 5 containers have malware, but how likely are you to be misled into using one of those containers? I only pull containers based on some official project.
Then again, I'm a developer, but I don't see anything here about Docker itself being a problem, and the vast majority of users will probably just follow links from some blog to accomplish some task; they won't be downloading random images from Docker Hub...