Module: Docker hub #1130
Closed
domwhewell-sage
started this conversation in
Module Requests
Module: Docker hub
#1130
Replies: 2 comments
-
|
Good module idea. Whatever we end up doing with this, it should probably mirror our GitHub stuff. Both GitHub repos and docker images might be too big to throw into the mix with HTTP_RESPONSE, so we could use an intermediate event like CODE_REPOSITORY, which would get consumed and looted by another module. At least that would allow us to keep the modules simple, and consolidate the secret-pillaging logic to one place. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Completed. Thanks @domwhewell-sage! |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Having recently found a github personal access token in a docker image layer, I was thinking it may be a great source for secrets if we search all users belonging to an organisation and loop over all public docker images to obtain their layers and maybe raise them as a
HTTP_RESPONSEpulling each image may be a tall ask, but the layers should be accessible in the unauthenticated API as they can be viewed publicly on docker hub.For example: https://hub.docker.com/layers/library/ubuntu/latest/images/sha256-81bba8d1dde7fc1883b6e95cd46d6c9f4874374f2b360c8db82620b33f6b5ca1?context=explore
Beta Was this translation helpful? Give feedback.
All reactions