Docker, Inc. Adds More Than a Thousand Free Hardened Container Images

December 17, 2025December 17, 2025 Mike Vizard Alpine containers, cloud native security, container security, CVE management, Debian containers, DevSecOps, Docker AI Assistant, Docker hardened images, docker hub, hardened container images, open source containers, SBOM, SLSA provenance, software supply chain security

by Mike Vizard

Docker, Inc. today revealed it is making more than 1,000 hardened container images available under an open source Apache 2.0 license to enable application developers to build more secure cloud-native applications.

Available via Docker Hub, the Docker Hardened Images (DHI) being made available for free are built on Linux distributions of Debian and Alpine to provide a complete set of images that can be readily deployed.

Additionally, Docker has extended its generative artificial intelligence (AI) tool, dubbed Docker AI Assistant, to now be able to scan existing containers and recommend and apply equivalent hardened images. Docker is also extending its hardening methodology to Model Context Protocol (MCP) servers, starting with hardened versions of more than ten servers, including implementations from Grafana, MongoDB and GitHub.

Nikhil Kaul, vice president of product marketing at Docker, Inc., said that by providing access to a set of free hardened images is trying to make it simpler for application developers to download secure images versus continuing to rely on images they might find that are fundamentally less secure, said Kaul. Every image includes a complete software bill of materials (SBOM), transparent public Common Vulnerability and Exposure (CVE) data, cryptographic proof of authenticity and supply-chain levels for software artifacts (SLSA) Level 3 provenance.

Collectively, Docker, Inc. claims those capabilities reduce vulnerabilities by more than 95% compared to traditional base images.

Docker, Inc., will now offer three tiers of hardened images. The free tier will make it simpler for the average developer to get started building applications that are secure by design. There will also be an enterprise edition that provides access to additional hardened container images that Docker, Inc. continuously updates, along with a new Docker Hardened Images Extended Lifecycle Support (DHI ELS) extension of that service that specifically provides access to container images that have been developed to extend end-of-life applications, added Kaul.

Organizations that previously purchased DHI are automatically upgraded to Docker Hardened Images Enterprise (DHI Enterprise) at no additional cost.

Docker, Inc. is also opting to bundle those images with Debian and Alpine distributions of Linux to eliminate any dependencies on proprietary implementations of Linux, noted Kaul.

It’s not clear how widely application developers have adopted hardened container images, but as it becomes increasingly clear that cybercriminals are attempting to inject malware into the software supply chains, the need for them has become more pressing.

Arguably, the root cause of many application security issues can now be traced back to vulnerable components and images that application developers found and downloaded from some type of software repository. The more organizations restrict access to the types of repositories that application developers access, the more likely it is that the number of downstream incidents will be reduced or eliminated.

Unfortunately, application developers are creatures of habit and inertia is often difficult to overcome. However, the easier it becomes for application developers to do the right thing in the first place, the better off everyone involved in securing applications will be.