
Reviewing images is relatively straightforward. For anyone using automated builds, you can just review the Dockerfile either on Docker Hub or GitHub.

For non-automated builds, just pull to a local machine and use something like Portainer to have a look around.




> For anyone using automated builds, you can just review the Dockerfile either on Docker Hub or GitHub.

And then review what it `FROM`s. And then review the core OS build that relies on.

It's a lot of work. It is doable, but it is a lot of work.


Indeed, there's a hierarchy to follow up, so it can be painful, but then it's no different to where a shell script goes and pulls more code as part of its run.

I just wanted to make the point that I don't think it's impossible :)
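The "review what it `FROM`s" step discussed in this thread, as an added example that is not part of any comment: a Python sketch that lists the external base images a Dockerfile builds on, so each one can be reviewed in turn, and marks whether it is pinned by digest. The sample Dockerfile, the image names and the `base_images` helper are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the thread); the digest is a placeholder.
DIGEST = "sha256:" + "0" * 64
SAMPLE = """\
ARG BASE_TAG=3.19
FROM golang:1.22 AS build
RUN go build -o /app .
FROM --platform=linux/amd64 alpine:${BASE_TAG} AS runtime
COPY --from=build /app /app
FROM runtime
FROM scratch
""" + f"FROM example.test/team/base@{DIGEST}\n"

FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
ARG_RE = re.compile(r"^ARG\s+(\w+)(?:=(\S+))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")

def base_images(dockerfile_text):
    """Return [(image, pinned_by_digest)] for each external base image."""
    args, stages, found, seen_from = {}, set(), [], False
    for raw in dockerfile_text.splitlines():
        line = raw.strip()
        arg = ARG_RE.match(line)
        # Only ARGs declared before the first FROM can be used in FROM lines.
        if arg and not seen_from and arg.group(2) is not None:
            args[arg.group(1)] = arg.group(2)
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        seen_from = True
        # Substitute ARG defaults; unknown variables are left as written.
        image = VAR_RE.sub(lambda v: args.get(v.group(1), v.group(0)), frm.group(1))
        is_stage = image.lower() in stages  # earlier build stage, not a registry image
        if frm.group(2):
            stages.add(frm.group(2).lower())
        if is_stage or image.lower() == "scratch":
            continue  # nothing external to review
        # A tag can be re-pointed after review; a digest cannot.
        found.append((image, "@sha256:" in image))
    return found

if __name__ == "__main__":
    for image, pinned in base_images(SAMPLE):
        print(f"{image}  ({'digest-pinned' if pinned else 'mutable tag, re-check on pull'})")
```

Each image it reports has its own Dockerfile to run through the same check, which is the hierarchy the comments describe.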



