Fresh Secrets From the Docks: Lessons Learnt From Analyzing 180,000 Public Dock...

Guillaume Valadon

KubeCon + CloudNativeCon Europe 2025 · Session

In this compelling KubeCon EU talk, Guillaume Valadon, a security researcher at GitGuardian, unveiled the alarming prevalence of leaked secrets within public Docker images. Titled "Fresh Secrets From the Docks," the presentation detailed an extensive research effort involving the scanning of over 50 million Docker images on Docker Hub. Valadon's work highlights a critical blind spot in many organizations' security postures, demonstrating how easily sensitive credentials, API keys, and private keys can inadvertently end up in publicly accessible container images, creating a significant risk of supply chain attacks, data breaches, and unauthorized use of resources.

AI review

Valadon's research is a brutal, data-driven gut punch to anyone running containers. By exhaustively scanning over 50 million Docker images, he exposes the staggering scale of leaked secrets on Docker Hub – 5% of repositories, 100,000 valid credentials, some active since 2020. His most critical finding reveals a pervasive, overlooked leak vector: `build-arg` variables silently embedded in the final image's JSON config. This isn't just theory; it's hard numbers and concrete mechanisms that demand immediate attention from every CISO and developer in the cloud-native space. Absolutely essential…
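The `build-arg` leak vector mentioned above can be checked for directly: both the legacy builder and BuildKit record every ARG a RUN step consumed in the `history[].created_by` strings of the image config JSON (the blob `docker save` writes into the image tarball), and ENV values land in `config.Env`. The script below is an added example, not code from the talk or from GitGuardian; the sample config and the credential values in it are constructed placeholders.

```python
"""Scan an OCI/Docker image config blob for build-time secrets (added example)."""
import json
import re

# Constructed sample config JSON; every secret value is a placeholder, not a real credential.
SAMPLE_CONFIG = json.dumps({
    "config": {"Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2-placeholder"]},
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
        # legacy builder: consumed ARGs are prepended as "|N KEY=VAL ..."
        {"created_by": "|1 GITHUB_TOKEN=ghp_PLACEHOLDER0000 /bin/sh -c git clone https://x.example"},
        # BuildKit: same encoding, prefixed with RUN and suffixed with "# buildkit"
        {"created_by": "RUN |1 NPM_TOKEN=npm_PLACEHOLDER /bin/sh -c npm ci # buildkit"},
        {"created_by": "/bin/sh -c apt-get update", "empty_layer": False},
    ],
})

# Variable names that usually carry credentials; a production scanner adds value patterns too.
SENSITIVE_NAME = re.compile(r"(TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|PRIVATE_KEY)", re.I)
# Matches the "[RUN ]|N KEY=VAL ... /bin/sh -c" prefix and captures the KEY=VAL run.
BUILD_ARG_PREFIX = re.compile(r"^(?:RUN )?\|(\d+) (.*?) /bin/sh -c ")
KV = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)=(\S+)")


def find_leaks(config_json: str) -> list[dict]:
    """Return sensitive-looking KEY=VAL pairs found in config.Env and history.created_by."""
    cfg = json.loads(config_json)
    leaks = []
    for env in cfg.get("config", {}).get("Env", []):
        m = KV.match(env)
        if m and SENSITIVE_NAME.search(m.group(1)):
            leaks.append({"source": "config.Env", "name": m.group(1), "value": m.group(2)})
    for i, step in enumerate(cfg.get("history", [])):
        m = BUILD_ARG_PREFIX.match(step.get("created_by", ""))
        if not m:
            continue  # not a RUN step that consumed build args
        for name, value in KV.findall(m.group(2)):
            if SENSITIVE_NAME.search(name):
                leaks.append({"source": f"history[{i}].created_by", "name": name, "value": value})
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CONFIG):
        print(f"{leak['source']}: {leak['name']}={leak['value']}")
```

Secrets needed only at build time are better passed with BuildKit's `RUN --mount=type=secret`, which leaves no trace in `created_by`; `docker history <image>` shows the same strings this script parses.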
