May 26, 2024


With the proliferation of open source software in modern development environments, your environment may have dependencies on public container images stored in Docker Hub. Without proper configuration and controls, these dependencies can introduce security and reliability risks into your CI/CD pipeline. In this blog, we outline some best practices that your teams can follow in order to reduce these risks.

Store local copies of public containers

Storing local copies of public containers wherever possible provides the highest reliability and allows for stronger security controls: a local copy isolates your builds from upstream outages and from images that are deleted or retagged, and it lets you pin the image by digest and scan it before it is used. The Open Container Initiative (OCI) published guidelines on consuming public content that you can refer to for more details.

Use authentication when accessing Docker Hub

We recommend that any time you access Docker Hub, you do so in an authenticated manner rather than anonymously. In addition to the security risks, anonymous requests also run the risk of hitting Docker Hub rate limits, which can affect the reliability of your CI/CD pipelines. Depending on the architecture of your CI/CD infrastructure and the Google Cloud services that you use, there are several options for authentication:

  • Use Artifact Registry remote repositories: Instead of referencing Docker Hub repositories directly within your build processes, you can use Artifact Registry remote repositories to authenticate with Docker Hub and to provide a regional cache of your dependencies. The full instructions for using Docker Hub access tokens with Artifact Registry can be found on the following Artifact Registry documentation page: Configure remote repository authentication to Docker Hub.
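The following POSIX shell script is an added example and is not code from the original post or from Google Cloud. It puts both recommendations above into practice: a one-time setup function that creates the authenticated Artifact Registry remote repository with the gcloud flags from the documented procedure, and a Dockerfile rewriter that redirects every Docker Hub base image to the regional cache and warns about images that are not pinned to a digest. The project ID `my-project`, region `us-central1`, repository name `dockerhub-remote`, the Secret Manager secret ID and the Docker Hub username are placeholders; the gcloud calls need a configured gcloud SDK, while the reference-rewriting functions run offline.

```shell
#!/bin/sh
# Added example, not code from the original post. Pull public Docker Hub images
# through an authenticated Artifact Registry remote repository instead of pulling
# them anonymously from docker.io. Project, region and repository are placeholders.
: "${AR_PROJECT:=my-project}"        # placeholder Google Cloud project ID
: "${AR_LOCATION:=us-central1}"      # placeholder region that hosts the cache
: "${AR_REPO:=dockerhub-remote}"     # placeholder remote repository name

# One-time setup, following the Artifact Registry procedure the post links to
# (flags as documented there; check them against the current docs). The Docker
# Hub access token is read from stdin so it never lands in argv or shell history.
create_remote_dockerhub_repo() {
  username=$1 secret_id=$2
  gcloud secrets create "$secret_id" --project="$AR_PROJECT" --data-file=-
  project_number=$(gcloud projects describe "$AR_PROJECT" --format='value(projectNumber)')
  # The Artifact Registry service agent must be allowed to read the token.
  gcloud secrets add-iam-policy-binding "$secret_id" --project="$AR_PROJECT" \
    --member="serviceAccount:service-${project_number}@gcp-sa-artifactregistry.iam.gserviceaccount.com" \
    --role=roles/secretmanager.secretAccessor
  gcloud artifacts repositories create "$AR_REPO" --project="$AR_PROJECT" \
    --repository-format=docker --location="$AR_LOCATION" \
    --mode=remote-repository --remote-docker-repo=DOCKER-HUB \
    --remote-username="$username" \
    --remote-password-secret-version="projects/${AR_PROJECT}/secrets/${secret_id}/versions/1"
}

# Map a Docker Hub image reference onto the remote repository. Prints the
# rewritten reference and returns 0, or prints the input unchanged and returns 1
# when the reference names another registry (gcr.io, localhost:5000, ...).
to_remote_ref() {
  ref=$1
  case "$ref" in                      # drop explicit Docker Hub hosts
    docker.io/*)            ref=${ref#docker.io/} ;;
    index.docker.io/*)      ref=${ref#index.docker.io/} ;;
    registry-1.docker.io/*) ref=${ref#registry-1.docker.io/} ;;
  esac
  case "$ref" in
    */*)                              # a first path component that looks like a host
      case "${ref%%/*}" in
        *.*|*:*|localhost) printf '%s\n' "$1"; return 1 ;;
      esac ;;
    *) ref="library/$ref" ;;          # official image: nginx -> library/nginx
  esac
  printf '%s\n' "${AR_LOCATION}-docker.pkg.dev/${AR_PROJECT}/${AR_REPO}/${ref}"
}

# True when the reference is pinned to a content digest. A tag can be re-pointed
# upstream at any time; a digest cannot.
is_pinned() {
  case "$1" in *@sha256:*) return 0 ;; *) return 1 ;; esac
}

# Rewrite the FROM lines of a Dockerfile read on stdin so every Docker Hub base
# image is pulled through the remote repository. Build-stage names declared with
# AS, "scratch" and $VARIABLE bases are left alone; unpinned images go to stderr.
rewrite_dockerfile() {
  stages=""
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      [Ff][Rr][Oo][Mm]" "*)
        set -f; set -- $line; set +f   # word-split without glob expansion
        out=$1; shift
        while [ $# -gt 0 ]; do         # keep flags such as --platform=linux/amd64
          case "$1" in --*) out="$out $1"; shift ;; *) break ;; esac
        done
        img=$1; shift
        skip=0
        case " $stages " in *" $img "*) skip=1 ;; esac
        case "$img" in scratch|\$*) skip=1 ;; esac
        if [ "$skip" -eq 0 ] && new=$(to_remote_ref "$img"); then
          is_pinned "$img" || printf 'warning: %s is not pinned to a digest\n' "$img" >&2
          img=$new
        fi
        out="$out $img"
        case "${1:-}" in [Aa][Ss]) stages="$stages $2"; out="$out $1 $2" ;; esac
        printf '%s\n' "$out"
        ;;
      *) printf '%s\n' "$line" ;;
    esac
  done
}

case "${1:-}" in
  setup)   create_remote_dockerhub_repo "$2" "$3" ;;  # token on stdin
  rewrite) rewrite_dockerfile ;;                      # Dockerfile on stdin
esac
```

Run the setup once with the token piped in, for example `printf '%s' "$DOCKERHUB_TOKEN" | sh remote.sh setup myuser dockerhub-token`, then point the build hosts at the cache with `gcloud auth configure-docker us-central1-docker.pkg.dev` and rewrite Dockerfiles with `sh remote.sh rewrite < Dockerfile`. The first pull of an image through the remote repository fetches it from Docker Hub with the stored credential and caches it in the region; later pulls are served from the cache, so neither rate limits nor a Docker Hub outage affect builds of already-cached images. Treat the unpinned-image warnings as findings: a tag such as `golang:1.22` can be re-pointed upstream at any time, and pinning to a digest is what makes the cached copy a reproducible, reviewable dependency.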

