This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
DDoS is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. It was a pretty common tactic at one point.
disrupt services
implement bad library in backups as all focus turns to production
destroy production enough to require a restore
I think this is what they meant, but it’s a stretch.
You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?
They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
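Since that worry is specifically about a tag being repointed at a modified image between the time you reviewed it and the time your hosts pull it, here is an added example (mine, not from anyone in this thread) of the check that closes it: pin image references by content digest rather than by mutable tag, and refuse a pull whose served manifest does not hash to the pinned digest. The registry, the manifests and the reference strings are all constructed inline so it runs offline; `simulate_pull` stands in for what a real registry client would fetch.

```python
import hashlib
import hmac
import json

# Constructed sample manifests: what a registry would serve for an image.
# Not real images; built inline so the example runs without network access.
ORIGINAL_MANIFEST = json.dumps(
    {"schemaVersion": 2, "layers": [{"digest": "sha256:" + "aa" * 32}]}, sort_keys=True
).encode()
TAMPERED_MANIFEST = json.dumps(
    {"schemaVersion": 2, "layers": [{"digest": "sha256:" + "bb" * 32}]}, sort_keys=True
).encode()


def manifest_digest(manifest_bytes: bytes) -> str:
    """Content digest as registries report it: sha256 over the raw manifest bytes."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


def parse_reference(ref: str) -> dict:
    """Split 'name[:tag][@sha256:hex]' into its parts (hypothetical minimal parser).

    The tag is the text after the last ':' only when no '/' follows it; otherwise
    that ':' belongs to a registry port such as 'registry.example.com:5000/repo'.
    """
    name_part, _, digest = ref.partition("@")
    name, sep, tail = name_part.rpartition(":")
    if sep and "/" not in tail:
        tag = tail
    else:
        name, tag = name_part, None
    return {"name": name, "tag": tag, "digest": digest or None}


def is_pinned(ref: str) -> bool:
    """True only for references that carry a well-formed sha256 digest."""
    digest = parse_reference(ref)["digest"]
    if digest is None or not digest.startswith("sha256:"):
        return False
    hexpart = digest[len("sha256:"):]
    return len(hexpart) == 64 and all(c in "0123456789abcdef" for c in hexpart)


def verify_pull(ref: str, served_manifest: bytes) -> bool:
    """Accept the served manifest only if ref is digest-pinned and the bytes match it.

    A tag-only reference has nothing to compare against, so it is rejected outright:
    whoever controls the tag controls what you run.
    """
    if not is_pinned(ref):
        return False
    expected = parse_reference(ref)["digest"]
    return hmac.compare_digest(manifest_digest(served_manifest), expected)


def simulate_pull(registry: dict, ref: str) -> bytes:
    """Toy registry client (constructed): tags resolve through a mutable table,
    digests resolve through the content-addressed store."""
    parsed = parse_reference(ref)
    if parsed["digest"] is not None:
        return registry["blobs"][parsed["digest"]]
    return registry["tags"][f'{parsed["name"]}:{parsed["tag"] or "latest"}']


def demo() -> dict:
    """Repoint a tag at a tampered manifest and show which reference styles notice."""
    good = manifest_digest(ORIGINAL_MANIFEST)
    bad = manifest_digest(TAMPERED_MANIFEST)
    registry = {
        "tags": {"team/app:1.2": ORIGINAL_MANIFEST},
        "blobs": {good: ORIGINAL_MANIFEST, bad: TAMPERED_MANIFEST},
    }
    pinned_ref = f"team/app:1.2@{good}"
    tag_ref = "team/app:1.2"

    # Attacker (or compromised host) repoints the tag; the pinned blob is untouched.
    registry["tags"]["team/app:1.2"] = TAMPERED_MANIFEST

    return {
        "tag_pull_accepted": verify_pull(tag_ref, simulate_pull(registry, tag_ref)),
        "pinned_pull_accepted": verify_pull(pinned_ref, simulate_pull(registry, pinned_ref)),
        "pinned_ref_rejects_tampered_bytes": verify_pull(pinned_ref, TAMPERED_MANIFEST),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the demo is the first key: a tag pull is never accepted, because there is no reviewed digest to compare against, so the repointed tag cannot slip through silently. The second key shows a digest pull still succeeding after the tag was repointed, and the third shows the same pinned reference rejecting tampered bytes. Scanning in a sandbox before prod (as said above) still matters; pinning is what makes sure the bytes you scanned are the bytes you deploy.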
I was just answering a question. I had the same response above.
And I was just adding extra details
A supply chain attack has a definition. And it has nothing to do with DDoS.