Docker Hardened Images Catalog Expanded to All Developers and Open Sourced

1 unique sources, 2 articles

Summary

Docker has announced that its Hardened Images catalog, previously available with a subscription, is now freely available and open source under the Apache 2.0 license. The catalog includes over 1,000 secure, minimal, production-ready Docker base images verified to be free of known vulnerabilities. These images offer enhanced security features, including continuous patches, reduced attack surfaces, and compliance with federal security standards. Docker has partnered with SRLabs for independent validation and ensures a seven-day patch SLA for any new vulnerabilities in the commercial tier. The catalog supports various applications, including AI/ML, databases, frameworks, and infrastructure tools, and is compatible with Alpine and Debian Linux systems. Initially launched in May 2025, Docker Hardened Images (DHI) were designed to reduce the attack surface and supply-chain risks at the container layer. In October 2025, Docker expanded access to the catalog for small businesses, offering a 30-day free trial. The recent move to open source and free availability aims to provide a secure, minimal, production-ready foundation for all developers.

Timeline

  1. 21.12.2025 17:12 1 articles · 23h ago

    Docker Hardened Images now open source and available for free

    Docker has made over 1,000 Hardened Images (DHI) freely available and open source under the Apache 2.0 license. The commercial tier, DHI Enterprise, offers a 7-day critical CVE patching commitment (SLA), while the free tier receives patches without a defined time period. DHI Enterprise also allows modifying DHI images, configuring runtimes, and installing additional tools.

  2. 08.10.2025 01:09 2 articles · 2mo ago

    Docker Hardened Images Catalog Access Expanded to Small Businesses

    Docker initially announced unlimited access to its Hardened Images catalog, making secure software bundles affordable for startups and SMBs. The catalog includes container images verified to be free of known vulnerabilities, with a 30-day free trial and subscription options available. In December 2025, Docker further expanded access by making the Hardened Images catalog freely available and open source under the Apache 2.0 license, including over 1,000 secure, minimal, production-ready Docker base images.


Similar Happenings

Critical runC vulnerabilities enable container escape to host system

Three critical vulnerabilities in runC, a container runtime used by Docker and Kubernetes, could allow attackers to escape container isolation and gain root access to the host system. The flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, were disclosed by SUSE engineer Aleksa Sarai. Exploiting these vulnerabilities requires the ability to start containers with custom mount configurations, which can be achieved through malicious container images or Dockerfiles. The vulnerabilities affect all versions of runC, with fixes available in versions 1.2.8, 1.3.3, 1.4.0-rc.3, and later. No active exploits have been reported, but researchers at Sysdig have provided detection and mitigation strategies.

CISA, NSA, and international partners release joint SBOM cybersecurity guide

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and 19 international partners have released a joint guide on the value of software bill of materials (SBOM) for enhancing cybersecurity. The guide aims to inform software producers, procurers, and operators about the benefits of integrating SBOM into security practices. The initiative underscores the importance of SBOMs in identifying and mitigating supply chain vulnerabilities and encourages global alignment for interoperability and scalability. The guide emphasizes the need for international collaboration to advance software supply chain security and drive transparency in software creation and utilization. It highlights the role of SBOMs in providing visibility into software dependencies, enabling risk assessment, and proactive vulnerability mitigation. SBOMs improve security and reduce risks and costs by increasing transparency in software components. They help organizations address security risks in the software supply chain and enable greater visibility across an organization’s software supply chain and enterprise system.