How to Respond to Docker Hub Supply Chain Compromises: A Step-by-Step Guide for 2026
Introduction
In early 2026, two significant supply chain attacks on Docker Hub—targeting the Trivy and Checkmarx KICS repositories—demonstrated how stolen publisher credentials can lead to malicious image pushes without breaching Docker's infrastructure. In both cases, legitimate publishing flows were hijacked to overwrite existing tags and create new ones, exposing anyone who pulled those tags. This guide walks you through a proven response process based on the KICS incident, helping you detect compromised images, rotate credentials, and harden your pipelines for the future.

What You Need
- Access to your Docker Hub account or your organization's pull history logs
- A list of all Docker images pulled from checkmarx/kics (or aquasec/trivy) in the relevant time window
- CI/CD pipeline logs to identify which repositories were scanned by the compromised tool
- Credential rotation tooling (e.g., vault, cloud secrets manager, or manual rotation procedures)
- Local Docker cache and any pull-through registry access for cleanup
- Digest values to pin to (provided in the incident report)
Step-by-Step Response Guide
Step 1: Identify Affected Digests and Tags
Check your Docker pull history for any of the malicious digests reported on April 22, 2026. For the KICS incident, the following index manifest digests indicate compromise:
- sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d (alpine, v2.1.20, v2.1.21)
- sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b (debian, v2.1.20-debian, v2.1.21-debian)
- sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0 (latest)
Use commands like docker image inspect, or review CI runner logs, to see which digests were pulled. If you find a match, mark that environment as potentially compromised.
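As an added example (not code from the article or from Checkmarx), the following Python script turns this step into a repeatable check: it reads the JSON that docker image inspect produces (constructed here as a sample), compares every checkmarx/kics digest with the three reported digests and with a placeholder allowlist, and doubles as the digest comparison script the Tips section suggests.

```python
"""Step 1 triage: compare locally pulled images with the KICS incident digests.
Added example, not code from the article or Checkmarx. It parses the JSON that
`docker image inspect $(docker images -q)` prints (a constructed sample is
embedded below) and labels each checkmarx/kics digest KNOWN_BAD, VERIFIED (on
your allowlist) or UNEXPECTED (on neither list; review before use)."""
import json

# Index manifest digests named in the incident report (copied from the article).
KNOWN_BAD = {
    "sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d",
    "sha256:222e6bfed0f3bb1937bf5e719a2342871ccd683ff1c0cb967c8e31ea58beaf7b",
    "sha256:a0d9366f6f0166dcbf92fcdc98e1a03d2e6210e8d7e8573f74d50849130651a0",
}
# Placeholder allowlist: replace with the verified digests the vendor publishes.
VERIFIED = {"sha256:" + "0" * 64}

def classify_digest(digest, known_bad=KNOWN_BAD, verified=VERIFIED):
    """A known-bad digest is reported even if someone allowlisted it by mistake."""
    if digest in known_bad:
        return "KNOWN_BAD"
    if digest in verified:
        return "VERIFIED"
    return "UNEXPECTED"

def triage_inspect_output(inspect_json, repo="checkmarx/kics"):
    """Return {image_id: (verdict, digest)} for every local image of `repo`.
    RepoDigests holds the digest an image was pulled by; for a multi-arch image
    that is the index digest, so it compares directly with the reported values."""
    verdicts = {}
    for image in json.loads(inspect_json):
        for ref in image.get("RepoDigests", []):
            name, _, digest = ref.partition("@")
            if name == repo:
                verdicts[image["Id"]] = (classify_digest(digest), digest)
    return verdicts

# Constructed sample of `docker image inspect` output, cut down to the fields used.
SAMPLE_INSPECT = json.dumps([
    {"Id": "sha256:img-a", "RepoTags": ["checkmarx/kics:v2.1.20"],
     "RepoDigests": ["checkmarx/kics@sha256:2588a44890263a8185bd5d9fadb6bc9220b60245dbcbc4da35e1b62a6f8c230d"]},
    {"Id": "sha256:img-b", "RepoTags": ["checkmarx/kics:v2.1.19"],
     "RepoDigests": ["checkmarx/kics@sha256:" + "f" * 64]},
    {"Id": "sha256:img-c", "RepoTags": ["alpine:3.19"],
     "RepoDigests": ["alpine@sha256:" + "1" * 64]},
])

for image_id, (verdict, digest) in triage_inspect_output(SAMPLE_INSPECT).items():
    print(f"{verdict:10} {image_id}  {digest}")
```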
Step 2: Rotate All Credentials Exposed During Scanning
KICS scans infrastructure-as-code files (Terraform, CloudFormation, Kubernetes), which often contain secrets, cloud resource names, and internal topology. The malicious images exfiltrated scan output to audit.checkmarx[.]cx with the User-Agent KICS-Telemetry/2.0. If your CI ran KICS against any repository containing credentials during the exposure window (from ~12:35 UTC April 22 onward), assume those credentials are compromised. Rotate all of the following:
- API keys and service account tokens
- Database passwords
- Cloud provider secrets
- Any other secrets present in scanned config files
Step 3: Re-pull Only by Digest, Not Tag
Tags are mutable and can be overwritten again. To ensure you use a clean version, pull the KICS image by its correct, uncompromised digest. The official Checkmarx team will publish verified digests. For example:
docker pull checkmarx/kics@sha256:<verified-digest>
Do not rely on tags like latest or v2.1.20 until the incident is fully resolved and tags are re-published by the vendor.
Step 4: Pin Digests in Your CI/CD Pipelines
Update all pipeline configurations (e.g., GitHub Actions, GitLab CI, Jenkins) to reference images by digest instead of tag. This prevents a future tag overwrite from silently pulling a malicious image. Example snippet for a Docker-based task:

image: checkmarx/kics@sha256:<verified-digest>
Document this policy and enforce it with linting or CI checks.
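The following Python lint, an added example and not code from the article, Docker or Checkmarx, enforces that policy over YAML pipeline files: it flags every image: reference that lacks an @sha256 digest. The sample workflow and its all-zero placeholder digest are constructed.

```python
"""CI lint for Step 4: flag `image:` references that are not pinned by digest.
Added example, not code from the article, Docker or Checkmarx. It scans YAML
pipeline files (GitHub Actions, GitLab CI) and reports every image pulled by a
mutable tag; a constructed workflow is embedded below as sample input."""
import re

# `image:` value in YAML (bare or quoted), stopping before any trailing comment.
YAML_IMAGE = re.compile(r"^\s*-?\s*image:\s*[\"']?([^\s\"'#]+)")
# [registry[:port]/]name[:tag][@sha256:digest]; only the digest part is immutable.
REF = re.compile(r"^(?P<name>(?:[\w.-]+(?::\d+)?/)?[\w./-]+)"
                 r"(?::(?P<tag>[\w.-]+))?(?:@(?P<digest>sha256:[0-9a-f]{64}))?$")

def find_unpinned(text, repos=None):
    """Return [(line_no, ref, reason)] for image references without a digest.
    reason is "tag" (mutable tag or implicit :latest) or "unparseable" (for
    example a CI variable, which the lint cannot prove is pinned). `repos`
    restricts the "tag" check to the given image names; None checks all."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = YAML_IMAGE.match(line)
        if not m:
            continue
        ref = m.group(1)
        parsed = REF.match(ref)
        if parsed is None:
            findings.append((no, ref, "unparseable"))
        elif (repos is None or parsed["name"] in repos) and not parsed["digest"]:
            findings.append((no, ref, "tag"))
    return findings

# Constructed GitHub Actions workflow: one job pinned by a placeholder digest,
# two jobs pulling by tag (the second is a helper image, not KICS).
SAMPLE_WORKFLOW = """\
jobs:
  kics-unpinned:
    container:
      image: checkmarx/kics:v2.1.20
  kics-pinned:
    container:
      image: "checkmarx/kics@sha256:{}"
  helper:
    container:
      image: alpine:3.19
""".format("0" * 64)

for line_no, ref, reason in find_unpinned(SAMPLE_WORKFLOW):
    print(f"line {line_no}: {ref} ({reason})")
```

Run it in CI over every pipeline file and fail the build when it returns findings; pass repos={"checkmarx/kics", "aquasec/trivy"} to start with the two repositories from these incidents.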
Step 5: Purge Malicious Images from All Caches and Registries
The compromised images may be present in:
- Local Docker cache on developer machines
- CI runner images and build caches
- Pull-through registry mirrors (e.g., AWS ECR, Harbor)
Run docker rmi with the malicious digest for each. For pull-through registries, delete the cached layer blobs or the entire repository, then re-pull the verified digest.
Step 6: Monitor for Unusual Activity
After rotating credentials, watch for any sign of follow-on activity:
- Unexpected API calls from your cloud environment
- New infrastructure resources created without approval
- Changes to IAM roles or service accounts
Use your SIEM or cloud trail logs to correlate with the exfiltration domain audit.checkmarx[.]cx.
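One way to run that correlation over egress proxy logs, as an added example that is not the article's or Checkmarx's code: it matches both indicators the report names (the domain and the KICS-Telemetry/2.0 User-Agent from Step 2) and groups hits by source host, so the affected CI runners fall out directly. The JSON field names and log records are constructed assumptions.

```python
"""Step 6 sweep: find CI hosts that contacted the KICS exfiltration endpoint.
Added example, not code from the article or Checkmarx. It reads JSON-lines
egress proxy records (constructed sample below; the field names are assumptions,
adapt them to your proxy or SIEM export) and matches the two indicators the
incident report names: the destination domain and the User-Agent string."""
import json

# Indicators from the incident report. The article writes the domain defanged;
# it is re-joined here so that it compares equal to what a proxy logs.
EXFIL_DOMAIN = "audit.checkmarx[.]cx".replace("[.]", ".")
EXFIL_USER_AGENT = "KICS-Telemetry/2.0"

def match_indicators(record):
    """Return the indicators one proxy record matches (subdomains count too)."""
    hits = []
    host = record.get("dest_host", "").lower().rstrip(".")
    if host == EXFIL_DOMAIN or host.endswith("." + EXFIL_DOMAIN):
        hits.append("domain")
    if record.get("user_agent") == EXFIL_USER_AGENT:
        hits.append("user_agent")
    return hits

def sweep(log_lines):
    """Return {src_host: sorted indicators} for every host with at least one hit.
    A host listed here very likely ran a malicious image, so its environment and
    every secret KICS could read there fall under the Step 2 rotation."""
    affected = {}
    for line in log_lines:
        if not line.strip():
            continue
        record = json.loads(line)
        hits = match_indicators(record)
        if hits:
            affected.setdefault(record["src_host"], set()).update(hits)
    return {host: sorted(hits) for host, hits in affected.items()}

# Constructed sample: runner-07 posted scan output to the exfil domain and also
# did normal registry traffic; runner-12 used the same User-Agent against a
# TEST-NET address, which the User-Agent rule still catches.
SAMPLE_LOG = [json.dumps(r) for r in (
    {"ts": "2026-04-22T12:41:07Z", "src_host": "ci-runner-07", "method": "POST",
     "dest_host": EXFIL_DOMAIN, "user_agent": EXFIL_USER_AGENT, "bytes_out": 48213},
    {"ts": "2026-04-22T12:41:09Z", "src_host": "ci-runner-07", "method": "GET",
     "dest_host": "registry-1.docker.io", "user_agent": "docker/27.0.3", "bytes_out": 512},
    {"ts": "2026-04-22T12:46:55Z", "src_host": "ci-runner-12", "method": "POST",
     "dest_host": "203.0.113.10", "user_agent": EXFIL_USER_AGENT, "bytes_out": 39020},
)]

for host, indicators in sorted(sweep(SAMPLE_LOG).items()):
    print(f"{host}: {', '.join(indicators)}")
```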
Step 7: Report and Share Indicators of Compromise
Share the malicious digests and domains with your security team and industry peers (e.g., through ISACs or security forums). This helps others detect the same attack. Also consider reporting to Docker Security and Checkmarx if you haven't already.
Tips
- Adopt a zero-trust image policy: Always pin by digest, even for trusted sources. Tools like Docker Content Trust (DCT) or Notary can help, but digest pinning adds a layer of protection independent of signatures.
- Monitor unusual User-Agent strings: The KICS incident used KICS-Telemetry/2.0 to disguise exfiltration. Incorporate known malicious User-Agents into your network monitoring rules.
- Review publisher credential hygiene: The attack vector was stolen credentials—not a Docker Hub vulnerability. Enforce multi-factor authentication (MFA) for all publisher accounts, and rotate access tokens regularly.
- Scan your own pipeline images: Run an integrity check on any third-party images before using them in production, even if they come from official repositories. A simple digest comparison script can catch unexpected changes.
- Practice incident response drills: Use real-world examples like the Trivy and KICS incidents in tabletop exercises that test your team's ability to identify, contain, and recover from a supply chain compromise.