This is a little crazy, but apparently we don't have a good way to verify the sha256 digests of public images on Docker Hub.
The related thread is here: https://github.com/docker/hub-feedback/issues/1925 and this Stack Overflow question is also useful: https://stackoverflow.com/questions/57316115/get-manifest-of-a-public-docker-image-hosted-on-docker-hub-using-the-docker-regi .
Problems in a nutshell:
- The digests publicly displayed in the Docker Hub UI do not match the ones seen when pulling the same images locally.
- Getting the manifest of a public image is highly problematic (a very hacky work-around is involved).
- A public image may be re-pushed under the same tag, which produces a new digest and erases the details of the previous image. How do we audit this and still trust it?
Potentially, all of these present a serious level of security concern.
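One way to do the check end to end, as an added example that is not code from the linked threads: pin a digest, fetch the manifest from the public registry v2 API with the Accept headers that select the manifest list, hash the raw bytes exactly as served, and list the per-platform digests so both levels (the list digest and each platform's own manifest digest) can be compared. The only hub-specific parts are the real endpoints and media types; the sample manifest list, its placeholder digests and the repository names in the usage line are constructed for illustration.

```python
"""Verify a Docker Hub manifest against a pinned digest.

Added example, not code from the linked threads. Assumes the registry v2 API on
registry-1.docker.io with anonymous pull tokens from auth.docker.io, and that a
manifest digest is sha256 over the exact bytes the registry serves.
"""
import hashlib
import hmac
import json
import urllib.parse
import urllib.request

MANIFEST_LIST = "application/vnd.docker.distribution.manifest.list.v2+json"
MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"
OCI_INDEX = "application/vnd.oci.image.index.v1+json"
OCI_MANIFEST = "application/vnd.oci.image.manifest.v1+json"


def manifest_digest(raw: bytes) -> str:
    """Digest as the registry computes it: sha256 over the served bytes."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def verify_pinned(raw: bytes, pinned: str) -> bool:
    """True if the served manifest bytes hash to the digest we pinned."""
    return hmac.compare_digest(manifest_digest(raw), pinned)


def digest_survives_reserialisation(raw: bytes) -> bool:
    """Re-encoding the JSON changes whitespace/key order and thus the digest,
    so a verifier must hash the raw bytes, never a parsed-and-dumped copy."""
    return manifest_digest(json.dumps(json.loads(raw)).encode()) == manifest_digest(raw)


def platform_digests(manifest_list_raw: bytes) -> dict:
    """Map 'os/arch[/variant]' -> per-platform manifest digest.

    A tag has two digest levels: the manifest list and each platform's
    manifest inside it. A UI and a local `docker pull` can legitimately show
    different ones; both are valid, they just name different objects.
    """
    doc = json.loads(manifest_list_raw)
    out = {}
    for m in doc.get("manifests", []):
        p = m.get("platform", {})
        key = f"{p.get('os')}/{p.get('architecture')}"
        if p.get("variant"):
            key += "/" + p["variant"]
        out[key] = m["digest"]
    return out


def fetch_manifest(repo: str, ref: str) -> tuple:
    """Fetch (raw_bytes, Docker-Content-Digest header) for repo:ref from Docker Hub.

    Network call, not exercised offline. Official images need the 'library/'
    prefix (e.g. 'library/alpine'). Without the Accept headers the registry
    falls back to an older manifest schema with yet another digest.
    """
    scope = urllib.parse.quote(f"repository:{repo}:pull", safe=":")
    token_url = f"https://auth.docker.io/token?service=registry.docker.io&scope={scope}"
    with urllib.request.urlopen(token_url) as r:
        token = json.load(r)["token"]
    req = urllib.request.Request(
        f"https://registry-1.docker.io/v2/{repo}/manifests/{ref}",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": ", ".join([MANIFEST_LIST, OCI_INDEX, MANIFEST_V2, OCI_MANIFEST]),
        },
    )
    with urllib.request.urlopen(req) as r:
        return r.read(), r.headers.get("Docker-Content-Digest", "")


# Constructed sample manifest list; the digests are made-up placeholders.
SAMPLE_LIST = json.dumps(
    {
        "schemaVersion": 2,
        "mediaType": MANIFEST_LIST,
        "manifests": [
            {"mediaType": MANIFEST_V2, "size": 529, "digest": "sha256:" + "a" * 64,
             "platform": {"architecture": "amd64", "os": "linux"}},
            {"mediaType": MANIFEST_V2, "size": 529, "digest": "sha256:" + "b" * 64,
             "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}},
        ],
    },
    separators=(",", ":"),
).encode()


if __name__ == "__main__":
    import sys

    # usage: python verify.py library/alpine latest sha256:<pinned digest>
    repo, ref, pinned = sys.argv[1:4]
    raw, server_digest = fetch_manifest(repo, ref)
    ok = verify_pinned(raw, pinned)
    print("server header :", server_digest)
    print("computed       :", manifest_digest(raw))
    print("matches pin    :", ok)
    for plat, d in platform_digests(raw).items():
        print(f"  {plat}: {d}")
    sys.exit(0 if ok else 1)
```

Pinning the list digest and pulling with `image@sha256:...` is what defeats the re-push problem: a tag can be moved, a digest cannot, so the audit record should carry the digest rather than the tag.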