Docker makes hardened container images free and open source

Docker is now making more than 1,000 hardened container images available free of charge and completely open source. With this, the company wants to set a new standard for the security of container applications.

Docker has released its entire catalog of Docker Hardened Images (DHI), based on the popular open source distributions Debian and Alpine, under an Apache 2.0 license. Developers, organizations and governments are free to use, modify and redistribute the images without restrictions. According to Docker, the hardened images eliminate up to 95 percent of known vulnerabilities compared to standard community images.

Each image contains four building blocks:

  • A complete software bill of materials (SBOM);
  • Transparent, publicly available CVE data;
  • A traceable build chain at SLSA level 3;
  • Cryptographic proof of authenticity.

To simplify and encourage the switch, Docker’s AI assistant can scan existing containers and suggest an equivalent hardened image.

Also for AI

Docker is also extending its approach to AI infrastructure. The hardening methodology is applied to so-called Model Context Protocol (MCP) servers, which connect AI assistants to external tools and data sources. The first hardened images are available for more than ten popular servers, including Grafana, MongoDB and GitHub.

Docker notes that adoption of DHI has been accelerating since its launch, with organizations such as Adobe and Crypto.com already switching to the hardened images organization-wide. The decision to make DHI free and open source is intended to make security available at the foundation for every developer, regardless of scale or sector.

Paid variant

Of course, Docker also wants to offer users the option of a paid model. For companies with additional requirements regarding compliance or faster security updates, Docker offers the paid tiers DHI Enterprise and DHI Extended Lifecycle Support (ELS). DHI Enterprise promises, among other things, CVE resolution within seven days, and eventually within 24 hours. In addition, the images are customizable and suitable for FIPS and STIG compliance.

With DHI ELS, companies receive up to five years of additional security support after the official end of support for the underlying distribution. This includes continued CVE updates as well as ongoing cryptographic signing and auditability.