Docker Announces Hardened Images Catalog to Strengthen Enterprise Software Supply Chain Security

PALO ALTO, Calif., May 19, 2025 (GLOBE NEWSWIRE) -- Docker, Inc.®, a leading provider of cloud-native application development tools, content, and services for developers, including emerging AI workflows, today announced Docker Hardened Images (DHI), a curated catalog of security-hardened, enterprise-grade container images designed to meet today’s toughest software supply chain challenges.

Designed with security at the core, Docker Hardened Images are minimal, continuously maintained, and tested to meet enterprise compliance standards. Available directly through Docker Hub, DHI enables developers, security engineers, and platform teams to scale securely without disrupting familiar workflows.

“The complexity of securing container dependencies shouldn’t fall squarely on developers’ shoulders,” said Michael Donovan, vice president of Product at Docker. “With Docker Hardened Images, we’re making it easier for teams to build with trusted and verified components that meet enterprise-grade security and compliance standards without adding friction to their workflow.”

An Emerging Market, A Trusted Differentiator

Docker is uniquely positioned to deliver this. With over a decade of experience building tools developers love and securing billions of image pulls every month on Docker Hub, Docker Hardened Images are a natural evolution of Docker’s platform, built directly into the workflows teams already trust. The result: a secure, flexible foundation that works out of the box and meets the needs of modern enterprise teams.

At launch, several partners are joining Docker to support the Docker Hardened Images ecosystem, including leading software publishers and security providers. These partners help deliver secure, enterprise-ready images and integrate enhanced scanning, metadata, and compliance insights into existing workflows. Their collaboration reflects the growing demand for trusted, scalable solutions that reduce container risk without slowing development. Partners announced today include Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz, with more yet to come.

“Docker’s Hardened Images are a major step forward in software supply chain assurance,” said Steven Dickens, CEO and Principal Analyst at HyperFRAME Research. “In a market still in its early stages, developers and enterprises are looking for a trusted partner who understands both scale and simplicity. Docker brings years of ecosystem leadership to the hardened container space, combining security, usability, and seamless integration in a way that few others can.”

"Wiz is excited to see Docker entering the container vulnerability management space with their Hardened Images offering," said Oron Noah, Vice President of Product, Extensibility & Partnerships at Wiz. "Improving the software supply chain takes collaboration across the ecosystem. With Docker's key position in the container ecosystem and the reach of Docker Hub, this initiative has the potential to dramatically improve software supply chain security across the industry."

Built for the Enterprise Developer

Modern software teams move fast, but security, compliance, and trust can’t be left behind. Docker Hardened Images are built for the real-world needs of enterprise developers and the teams that support them. Whether you're responsible for building, securing, or scaling applications, DHI helps you move faster with guardrails in place:

  • Platform Engineers gain a scalable way to manage secure, compliant images with full control over policies and provenance
  • Application Developers can focus on shipping code, not chasing CVEs, with hardened, ready-to-run images integrated into Docker Hub
  • Security Engineers get consistent, verifiable artifacts that align with organization-wide security standards and simplify audits
  • CISOs gain supply chain visibility and assurance that container dependencies meet compliance expectations out of the box

Secure by Default, Flexible by Design

Docker Hardened Images are engineered to provide maximum security and compliance while staying lightweight, fast, and customizable. Each image is:

  • Built to eliminate vulnerabilities, with few-to-zero exploitable CVEs and continuous scanning and updates, all built to meet SLSA Build Level 3 requirements
  • Designed for least privilege, running as non-root by default to reduce risk in production
  • Minimized by design, based on distroless principles that reduce attack surface and improve startup time, with up to 95% reduction in attack surface
  • Compliance-ready: SBOMs, VEX, build provenance, and more — all cryptographically signed
  • Available across multiple distros—including Alpine and Debian—with more to come, supporting a wide range of enterprise environments

Now Available on Docker Hub

Docker Hardened Images are now available on Docker Hub—discover how your team can get started.

About Docker
Docker drives modern software development by making it easy to adopt container technology to radically boost productivity, security, testing, and collaboration at every step of the developer experience. Embraced by over 20 million developers worldwide, Docker’s unmatched flexibility and choice make it the preferred tool for developers seeking efficiency and innovation for creating modern applications. Learn more about Docker at www.docker.com.


Contact
David Oro
press@docker.com
