@eliotberriot At any rate, though I agree these images are probably more the deployment payload rather than the entry point vulnerability in this particular case, I think that was helped by a culture (and toolchain) of non-reproducibility on DockerHub. I'm sure there are plenty more of these, but how to know which has what? By being mostly impenetrable, so is the discovery of malware... and for that matter, vulnerabilities: http://delivery.acm.org/10.1145/3030000/3029832/p269-shu.pdf