How to check a docker container for malware?

J

Jek2020-12-20 19:10:25

open source

Jek, 2020-12-20 19:10:25

Hello. I read an article on habré on creating a voice assistant through alphacephei.com vosk, I searched on Google about this company and found nothing except their website, the question arose of how safe it is to use their docker image and their python module? And then the question arose of how to generally detect malicious software distributed through a docker hub or pypi?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey Gornostaev, 2020-12-20
@sergey-gornostaev

No way. All public repositories are dangerous. In the case of PyPI, only personally check the source code of each version. Docker is even more difficult.

D

Dim Boy, 2020-12-20
@twix007

At a minimum, you should use off-source images from developers.

F

Filipp42, 2021-01-08
@Filipp42

You can check with ClamAV antivirus, also try running the container in the sandbox and see if it does anything wrong. And if you open the source, you can build the program yourself, but it should be noted that even open source code without verification can be dangerous (although I don’t think anyone will substitute it).