Docker is the platform that made containers mainstream. It lets developers package applications with dependencies into standardized units that run consistently across different environments.
Earlier this year, Docker launched Docker Hardened Images (DHI), a collection of secure, minimal container images. Each image ships with a complete Software Bill of Materials (SBOM), SLSA Build Level 3 provenance, and transparent vulnerability reporting.
But DHI was previously enterprise-only. Docker has now made it free and open source.
DHI for Everyone
The images are released under Apache License 2.0, with hardened versions of popular images built on Alpine and Debian freely available. According to Docker, these images have up to 95% smaller attack surfaces compared to standard images.
Alongside this, they also released Hardened MCP Servers for AI applications. The MCP servers include hardened versions for MongoDB, Grafana, GitHub, and other commonly used services.
Moreover, Docker now offers DHI in three tiers. The free open source version gives everyone access to hardened images with SBOM and provenance.
DHI Enterprise adds a 7-day SLA for critical CVE remediation, FIPS-enabled images, STIG-ready configurations, and image customization. With this, organizations can modify images, add certificates, and build on Docker's infrastructure while maintaining compliance.
DHI Extended Lifecycle Support (ELS) is a paid add-on to DHI Enterprise that extends security patches up to five years beyond upstream end-of-life. This addresses the problem of maintaining legacy systems that still need security updates after official support ends.
Announcing this move, Christian Dupuis, Senior Principal Engineer at Docker, added that:
Today's announcement marks a watershed moment for our industry. Docker is fundamentally changing how applications are built: secure by default for every developer, every organization, and every open-source project.
This moment fills me with pride as it represents the culmination of years of work: from the early days at Atomist building an event-driven SBOM and vulnerability management system, the foundation that still underpins Docker Scout today, to unveiling DHI earlier this year, and now making it freely available to all.
You can get started with Docker Hardened Images at the official portal (an account is required). For the source, visit GitHub, and for instructions, check the documentation.