Docker, Inc., a leading provider of cloud-native development tools and services, today unveiled Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images. Built to tackle today’s toughest software supply chain challenges, DHI offers minimal, continuously maintained images that integrate seamlessly into developers’ existing workflows while meeting rigorous compliance standards.
Simplifying Container Security for Developers
Michael Donovan, Docker’s Vice President of Product, explained that securing container dependencies shouldn’t overburden developers. Docker Hardened Images enable development, security, and platform teams to use trusted, verified components that comply with enterprise-grade security standards—without adding friction or complexity to their workflows.
With over a decade of experience and billions of image pulls per month on Docker Hub, Docker is uniquely positioned to offer hardened images that plug directly into workflows teams already trust.
Building an Ecosystem of Trust with Partners
At launch, Docker Hardened Images are supported by an ecosystem of prominent partners spanning software publishers and security providers. These include Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz.
These partners enhance DHI by providing enterprise-ready images and integrating scanning, metadata, and compliance insights, reflecting the growing demand for scalable, trusted solutions that reduce container risk without slowing development.
Steven Dickens, CEO of HyperFRAME Research, praised Docker’s leadership, highlighting the company’s rare combination of security, usability, and seamless ecosystem integration. Oron Noah from Wiz also emphasized the initiative’s potential to improve software supply chain security industry-wide.
Designed for Enterprise Developers and Security Teams
Docker Hardened Images cater to the fast-paced needs of modern software teams, while maintaining security and compliance guardrails:
- Platform Engineers get scalable, policy-driven image management with full provenance control.
- Application Developers can focus on shipping code, relying on hardened images integrated into Docker Hub to minimize CVE chasing.
- Security Engineers receive consistent, verifiable container artifacts that align with organizational security policies and simplify audits.
- CISOs gain enhanced visibility into supply chains with compliance assurances baked in.
Security by Design, Flexibility by Nature
DHI images are engineered to maximize security and compliance while remaining lightweight and customizable:
- Vulnerability Reduction: Few-to-zero exploitable CVEs, with continuous scanning and updates; builds meet SLSA Build Level 3.
- Least Privilege: Run as non-root by default to reduce production risk.
- Minimal Attack Surface: Distroless design reduces attack surface by up to 95%, improving startup time and security.
- Compliance Ready: Includes cryptographically signed SBOMs, VEX statements, and build provenance to ease audits.
- Multi-Distro Support: Available for Alpine, Debian, and more to come, supporting diverse enterprise environments.
Docker Hardened Images represent a major advancement in securing containerized applications and supply chains. By providing a trusted, minimal, and enterprise-grade container catalog integrated into familiar workflows, Docker empowers teams to move fast without compromising security or compliance—meeting the modern demands of cloud-native and AI-driven software development.