A
100/100 First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
1
Score
100/100
LOW 1
Findings (1)
LOW
Docker pull and run untrusted image
L220 Detects pulling and running Docker images from external registries
docker pull vulhub/openssh FIX
Pin Docker images to a specific digest (e.g., image@sha256:abc...) instead of using mutable tags like :latest. Use trusted base images from verified publishers.
FP?
Likely FP if the Docker command pulls a well-known official image (e.g., docker pull python:3.11) in setup documentation.