CyberSecurity news
FlagThis
@cloudnativenow.com
//
Docker, Inc. has unveiled Docker Hardened Images (DHI), a new offering designed to enhance software supply chain security for application development teams. These curated container images are built to be secure, minimal, and production-ready, providing a trusted foundation for developers working across multiple Linux distributions, including Alpine and Debian. DHI aims to address the growing challenges of securing container dependencies by providing enterprise-grade images with built-in security features.
DHI is integrated directly into Docker Hub, making it easily accessible to developers. Docker Hardened Images are designed to prevent them from being able to run at root, which is an important security consideration. Each curated container image has been digitally signed and complies with the Supply Chain Levels for Software Artifacts (SLSA) framework defined by Google and the Open Source Security Foundation (OpenSSF). Several partners, including Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig and Wiz, are also providing hardened container images of their software.
The focus of DHI is on practicality and seamless integration into existing developer workflows. Docker is committed to making software supply chain security more accessible and actionable. DHI offers platform engineers a scalable way to manage secure, compliant images with full control over policies and provenance. DHI containers include SBOMs, VEX statements, digital signatures, and SLSA Build Level 3 attestations for full provenance and transparency.
ImgSrc: cloudnativenow.
References :
DHI is integrated directly into Docker Hub, making it easily accessible to developers. Docker Hardened Images are designed to prevent them from being able to run at root, which is an important security consideration. Each curated container image has been digitally signed and complies with the Supply Chain Levels for Software Artifacts (SLSA) framework defined by Google and the Open Source Security Foundation (OpenSSF). Several partners, including Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig and Wiz, are also providing hardened container images of their software.
The focus of DHI is on practicality and seamless integration into existing developer workflows. Docker is committed to making software supply chain security more accessible and actionable. DHI offers platform engineers a scalable way to manage secure, compliant images with full control over policies and provenance. DHI containers include SBOMs, VEX statements, digital signatures, and SLSA Build Level 3 attestations for full provenance and transparency.
ImgSrc: cloudnativenow.
Share:
References :
- Docker: Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production
- BetaNews: Docker introduces Hardened Images to boost supply chain security
- cloudnativenow.com: Docker, Inc. Adds Curated Hardened Container Images to Hub
- Techzine Global: Docker launches Hardened Images for enhanced security
Classification:
- HashTags: #Docker #ContainerSecurity #SupplyChain
- Company: Docker
- Target: Developers
- Product: Docker Hub
- Feature: Hardened Container Images
- Type: ProductUpdate
- Severity: Informative