Docker has introduced that it’s open sourcing its catalog of over 1,000 Docker Hardened Pictures (DHI), that are production-ready photos maintained by Docker to scale back vulnerabilities in container photos.
Every picture features a full software program invoice of supplies (SBOM), clear public CVE knowledge, SLSA Construct Stage 3 provenance, and cryptographic proof of authenticity.
Out there underneath the Apache 2.0 license, DHI is constructed on Debian and Alpine, permitting anybody to undertake the pictures with out lock-in and with minimal adjustments to their current workflows, Docker defined.
In response to the corporate, the principle impetus behind deciding to open supply the DHI catalog was to allow everybody from maintainers to hobbyists to governments to realize entry to those safe photos with out restrictions.
“At this time’s announcement marks a watershed second for our business. Docker is essentially altering how functions are built-secure by default for each developer, each group, and each open-source challenge,” Christian Dupuis, senior principal software program engineer at Docker, wrote in a weblog publish.
Docker says that its AI assistant will have the ability to scan a buyer’s current containers and advocate the equal hardened photos to exchange what they at present have.
Organizations that want further assist or companies will have the ability to buy DHI Enterprise or Prolonged Lifecycle Assist. DHI Enterprise guarantees remediation of crucial vulnerabilities in underneath seven days, FIPS-enabled and STIG-ready photos, and full customization. Prolonged Lifecycle Assist is an add-on to DHI Enterprise that comes with 5 years of assist after the upstream assist ends, ongoing signing and auditability, and continued CVE patches, SBOM updates, and provenance attestations.
Moreover, Docker has constructed Hardened Helm Charts that make use of DHIs in Kubernetes environments, in addition to Hardened MCP Servers, together with MongoDB, Grafana, and GitHub. It additionally plans to proceed this work within the coming months, with hardened libraries, hardened system packages, and different safe elements. “The aim is straightforward: have the ability to safe your utility from predominant() down,” Docker wrote.
