In a previous post of our DevSecOps blog series, we talked about the potential of malware existing in source code and build artifacts, and how teams can secure their software build pipeline using MetaDefender for Jenkins. Continuing the theme of DevOps security in this blog, I will demonstrate how to use MetaDefender for Jenkins to detect malware and vulnerabilities in Docker images. Container Infrastructures: Expanding Surface for Supply Chain Attacks Micro-services and containers have seen tremendous growth. Thanks to its lightweight and fast-to-deploy nature, container technology will only continue to expand in the future. However, containers also house outdated and vulnerable software more often than not. Bad actors have leveraged this auto-build platform to create supply chain attack campaigns, putting the target organizations and their associated parties at risk. An analysis of 4 million public images on Docker Hub revealed the out-of-sight risks in containers. Half of these images (51%) contained