Docker Hardened Images: Secure by Default, Free for All

A new industry standard with guaranteed patching, minimal attack surface, and full transparency—available at zero cost.

The software supply chain is under attack—billions in damage, exploding risks. Docker just flipped the script by making hardened, production-ready container images free and open source for every developer, everywhere.

Source: Docker Blog

Highlights

| Metric | Value and notes |
| --- | --- |
| Free and open | Docker Hardened Images now free for everyone, Apache 2.0 license |
| Patch speed | 7-day SLA for critical CVEs (DHI Enterprise), roadmap to 1 day |
| Image footprint | Up to 95% smaller images vs. traditional base images |
| Security transparency | Full SBOMs, SLSA Build Level 3 provenance, no CVE suppression |
| Ecosystem reach | 26M+ developers, 20B+ monthly pulls on Docker Hub |
| Extended support | Up to 5 extra years of security coverage via Extended Lifecycle Support |

Key points

  • Docker Hardened Images (DHI) are free, minimal, production-ready images built on familiar open-source foundations (Alpine, Debian).
  • DHI provides guaranteed near-zero CVEs, a distroless runtime to shrink the attack surface, and secure defaults without compromising transparency.
  • Hardened Helm Charts and Hardened MCP Servers (Mongo, Grafana, GitHub, etc.) extend DHI security to Kubernetes and agent workloads.
  • DHI Enterprise adds FIPS/STIG compliance, SLA-backed patching, and unlimited customization with Docker’s build service.
  • Migration is simplified with AI assistant recommendations, familiar foundations, and open-source tooling.
  • Partners like Google, MongoDB, CNCF, Socket, and Anaconda integrate and extend DHI for broader security coverage.
  • DHI is open source, free to use, share, and build on—no licensing surprises.

Timeline

  • May 2025 — Docker Hardened Images launched
  • Dec 2025 — Docker Hardened Images made free and open source

Why It Matters

Supply-chain attacks caused over $60B in damage in 2025. By making Docker Hardened Images free and open source, Docker raises the security bar for the entire container ecosystem, enabling every developer to build securely from the first pull and reducing risk at scale.