PALO ALTO, Calif., Dec. 17, 2025 (GLOBE NEWSWIRE) -- Docker, Inc.®, a leading provider of cloud and AI-native application development tools, content, and services, today announced a fundamental reset of the container security market. The company is making its catalog of more than 1,000 Docker Hardened Images (DHI), built on the widely adopted open source distributions Debian and Alpine, free and fully open source under the Apache 2.0 license. By open sourcing DHI, Docker allows everyone: developers, maintainers, hobbyists, teams, governments, and organizations to use, share, and build on DHI with clear rights and no hidden restrictions. Businesses that need customizations, regulated-industry compliance, or faster patching than upstream offers can purchase DHI Enterprise, with DHI Extended Lifecycle Support available for coverage after upstream support ends. To make adoption even easier, Docker’s AI assistant can now scan existing containers and recommend and apply equivalent hardened images. Docker is also extending its hardening methodology to Model Context Protocol (MCP) servers, bringing the same security rigor to the AI agent infrastructure that developers are rapidly adopting.

Since launching DHI earlier this year, adoption has accelerated across the ecosystem, with major partners and enterprises including Adobe, Attentive, and Crypto.com already standardizing on hardened images organization-wide, preferring Docker’s approach to compatibility and transparency to alternatives. Organizations that previously purchased DHI are automatically upgraded to Docker Hardened Images Enterprise (DHI Enterprise) at no additional cost.

"Security has to start at the earliest point in development, and needs to be universally available to every developer," said Mark Cavage, President and Chief Operating Officer at Docker, Inc. "By making hardened images freely available and providing tooling that works with today’s AI coding agents, we're giving the entire industry and community the best possible baseline to build on. This is a foundational shift that strengthens every part of the software supply chain and the Internet."

Setting the Industry Standard

Containers are the universal path to production. Docker Hub handles more than 20 billion pulls each month, and Docker's open source base images have powered the world's software for over a decade. When so much of modern development depends on shared foundations, securing those layers is critical.

Supply chain attacks are projected to cost businesses $60 billion globally in 2025, according to Cybersecurity Ventures. Docker is responding by making hardened images freely available. No subscription required, no usage restrictions, and no vendor lock-in. Built on Debian and Alpine, DHI works everywhere developers work, on any cloud, any orchestrator, any infrastructure.

Hardened Images for Every Developer

Docker Hardened Images reduce vulnerabilities by up to 95 percent compared to traditional community images. They use a distroless runtime to minimize the attack surface while preserving the tools developers rely on. Every image includes:

Complete SBOM (Software Bill of Materials)

Transparent public CVE data

SLSA Build Level 3 provenance

Cryptographic proof of authenticity

Because DHI is built on Debian and Alpine, not proprietary distributions, anyone can adopt it with no lock-in and minimal changes to existing workflows. Starting today, every developer, startup, and enterprise has access to the same secure foundation.

Extending Security to AI Infrastructure

As AI agents become integral to development workflows, the infrastructure supporting them requires the same security rigor as traditional container workloads. MCP servers, which enable AI assistants to interact with external tools and data sources, have emerged as a new attack vector, with researchers documenting malicious servers, data exfiltration risks, and supply chain vulnerabilities in the emerging ecosystem.

Docker is extending its hardening methodology to MCP server images, launching today with hardened versions of more than ten popular servers including Grafana, MongoDB, GitHub, and Context7. Docker will harden the full MCP catalog in the weeks ahead, applying the same minimal footprint, CVE remediation, and provenance attestations that define DHI.

DHI Enterprise: Advanced Security and Compliance

For organizations with rigorous security and regulatory mandates, DHI Enterprise delivers:

SLA-backed CVE remediation for critical vulnerabilities in under seven days, with a roadmap toward a 24-hour SLA

FIPS-enabled and STIG-ready images

Full customization including adding or changing runtime configuration, tools, certificates, and image contents, while maintaining trust and provenance



Extended Lifecycle Support: Protection Beyond End-of-Life

When upstream support ends, patches stop but vulnerabilities don't. The company is introducing Docker Hardened Images Extended Lifecycle Support (DHI ELS), a paid add-on to DHI Enterprise that provides:

Five additional years of security coverage beyond upstream end-of-life

Continued CVE patches, SBOM updates, and provenance attestations

Ongoing signing and auditability for compliance frameworks



"Every hardened image ships with strong provenance, reproducible builds, and clear attestations," said Tushar Jain, Executive Vice President of Product & Engineering at Docker, Inc. "With DHI Enterprise and DHI ELS, we're giving organizations the control and long-term protection they need to keep critical systems secure."

Customers and Industry Embrace the New Security Baseline

Industry leaders across security, cloud, and open source are voicing strong support for free hardened images as a default. They recognize that free hardened images will raise the security baseline for the entire ecosystem and that the combination of verifiable provenance and predictable long-term support can simplify operations for developers and enterprises alike.

“Docker’s move to make its hardened images freely available under Apache 2.0 underscores its strong commitment to the open source ecosystem. Many CNCF projects can already be found in the DHI catalog, and giving the broader community access to secure, well-maintained building blocks helps us strengthen the software supply chain together. It’s exciting to see Docker continue to invest in open collaboration and secure container infrastructure.”

Jonathan Bryce, Executive Director, Cloud Native Computing Foundation

“Software supply chain attacks are a severe industry problem. Making Docker Hardened Images free and pervasive should underpin faster, more secure software delivery across the industry by making the right thing the easy thing for developers.”

James Governor, Analyst and Co-founder, RedMonk



"Security shouldn't be a premium feature. By making hardened images free, Docker is letting every developer, not just big enterprises, start with a safer foundation. We love seeing tools that reduce noise and toil, and we’re ready to run these secure workloads on Google Cloud from day one."

Ryan J. Salva, Senior Director of Product at Google, Developer Experiences

"At MongoDB, we believe open source plays a central role in how modern software is built, enabling flexibility, choice, and developer productivity. That’s why we’re excited about free Docker Hardened Images for MongoDB. These images provide trusted, ready-to-deploy building blocks on proven Linux foundations such as Alpine and Debian, and with an Apache 2.0 license, they remain fully open source and free for anyone to use. With Docker Hub’s global reach and MongoDB’s commitment to reliability and safety, we are making it easier to build with confidence on a secure and open foundation for the future."

Jim Scharf, Chief Technology Officer, MongoDB

“We're excited to partner with Docker to deliver secure, enterprise-grade AI workloads from development to production. With over 50 million users and the majority of Fortune 500 trusting Anaconda to help them operate at enterprise scale securely, this partnership with Docker brings that same foundation to Docker Hardened Images. This enables teams to spend less time managing risk and more time innovating, while reducing the time from idea to production.”

David DeSanto, Chief Executive Officer, Anaconda

"Socket stops malicious packages at install time, and Docker Hardened Images (DHI) give those packages a trustworthy place to run. With free DHI, teams get both layers of protection without lifting a finger. Pull a hardened image, run npm install, and the Socket firewall embedded in the DHI is already working for you. That is what true secure-by-default should look like, and we're excited to partner with Docker and make it happen at their scale."

Feross Aboukhadijeh, Founder and CEO, Socket

"Teams building with Temporal orchestrate mission-critical workflows, and Docker is how they deploy those services in production. Making Docker Hardened Images freely available gives our users a very strong foundation for those workflows from day one, and Extended Lifecycle Support helps them keep long running systems secure without constant replatforming."

Maxim Fateev, Chief Technology Officer, Temporal

"At CircleCI, we know teams need to validate code as fast as they can generate it—and that starts with a trusted foundation. Docker Hardened Images eliminate a critical validation bottleneck by providing pre-secured, continuously verified components right from the start, helping teams ship fast, with confidence."

Rob Zuber, Chief Technology Officer, CircleCI

"With Docker Hardened Images, you’re not having to pay a security team to do all the things required for securing a container image because it’s already being done for you. The images are trusted, the software verified for minimal CVEs."

Cameron Griffin, Senior Cloud Security Engineer, GuidePoint Security

“We evaluated multiple options for hardened base images and chose Docker Hardened Images (DHI) for its alignment with our supply chain security posture, developer tooling compatibility, Docker’s maturity in this space, and integration with our existing infrastructure. Our focus was on balancing trust, maintainability, and ecosystem compatibility.”

Vikram Sethi, Principal Scientist, Adobe

Availability

Free Docker Hardened Images (DHI) are available today at https://dhi.io and through Docker Hub.

Available today, DHI Enterprise is a paid offering that features industry-leading, SLA-backed CVE remediation, FIPS-enabled and STIG-ready images, and customization options including tools, certificates, and runtime configuration.

DHI ELS is available as an add-on for organizations that require hardened updates and compliance continuity for end-of-life software.



