Mark Lechner
Chief Information Security Officer, Docker
More by Mark
Trivy supply chain compromise: What Docker Hub users should know
On March 19, 2026, threat actors compromised Aqua Security’s CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy.
Read now
Hardened Images Are Free. Now What?
Docker Hardened Images are now free. Learn the waterline model, supply chain isolation, VEX, and policy automation to cut CVE noise and meet compliance.
Read now
Why I joined Docker: security at the center of the software supply chain
Mark Lechner, Docker’s CISO, shares his vision for a future where Docker not only powers the software supply chain, but actively safeguards it.
Read now
Trivy supply chain compromise: What Docker Hub users should know
On March 19, 2026, threat actors compromised Aqua Security’s CI/CD pipeline and used stolen credentials to push backdoored versions of the aquasec/trivy vulnerability scanner to Docker Hub. A second wave of compromised images followed on March 22. The malicious images contained an infostealer targeting CI/CD secrets, cloud credentials, SSH keys, and Docker configurations. This post summarizes what happened, what Docker did in response, and what you should do if you use Trivy.
Read now
Hardened Images Are Free. Now What?
Docker Hardened Images are now free. Learn the waterline model, supply chain isolation, VEX, and policy automation to cut CVE noise and meet compliance.
Read now
Why I joined Docker: security at the center of the software supply chain
Mark Lechner, Docker’s CISO, shares his vision for a future where Docker not only powers the software supply chain, but actively safeguards it.
Read now