Docker unveils unlimited access to hardened images for every team

Docker is introducing unlimited access to its Docker Hardened Images catalog to make near-zero CVEs a practical reality for teams. The change makes enterprise-grade security more accessible at an affordable price via a single subscription, addressing the problem of costs that do not scale and lead to uneven protection.

This move mirrors how Docker Hub previously made containers simple and universal for developers. Docker is offering a one-click free trial for logged-in users who want to see its impact.

The Hardened Images catalog caters to a wide variety of needs, including machine learning and AI images (Kubeflow), languages (Python), databases (PostgreSQL), and infrastructure (Kafka). The hardening approach is based on building images directly from source, continuously patching, and stripping away unnecessary components.

This minimal approach results in images that are 95% smaller than alternatives, which helps to reduce the attack surface. The catalog also includes FedRAMP-ready variants engineered to align with the security requirements demanded by US federal authorities.

Docker said that every image includes Vulnerability Exploitability eXchange (VEX) support, which helps teams cut through the noise of alerts and focus on the vulnerabilities that really matter. The company also said that migration is as simple as changing a single line in a Dockerfile.

Teams are able to customize and extend the hardened images with packages and scripts without losing the hardened baseline. Hardened images also ship as rootless by default, helping to prevent privilege attacks.

Docker said that the quality of its Hardened Images has been independently validated by SRLabs, a cybersecurity consultancy firm. SRLabs specifically confirms that the images are signed, rootless by default, and ship with an SBOM and VEX. SRLabs' assessment found no root escapes or high-severity breakouts, and it noted strengths including a 7-day patch service level agreement and a secure built-to-sign pipeline.

Source: Docker
