CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Cloud Security

Docker Makes 1,000 Hardened Images Free and Open Source

Millions of developers can now use the secure, production-ready images made by Docker. The post Docker Makes 1,000 Hardened Images Free and Open Source appeared first on SecurityWeek.

Docker security

Docker announced this week that it has made more than 1,000 secure images free and open source for developers.

In May, the company announced the release of Docker Hardened Images (DHI), a catalog of hardened images designed to help strengthen enterprise supply chain security. 

The images are continuously scanned and updated to eliminate — or at least keep to a minimum — the number of exploitable CVEs.

In addition, the images run as non-root by default, they are minimal to reduce the attack surface, they meet compliance standards, and are available for multiple distributions.

The DHI catalog was created in partnership with software development and security companies such as Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz.

When they were launched, the hardened images were part of a commercial offering and placed behind a paywall. However, Docker announced this week that DHI is now free and open source, with more than 1,000 hardened images made available to all developers. 

According to Docker, for transparency, every image comes with proof of authenticity, an SBOM, CVE data, and SLSA Build Level 3 provenance.

While the basic DHI is now available for free, Docker is still offering commercial versions for enterprises with strict security or regulatory needs. 

With attackers increasingly exploiting vulnerabilities within the software supply chain, securing containers has become a mission-critical imperative. The importance of this area is underscored by a surge in venture capital towards startups that offer hardened, vulnerability-free container images. 

Examples include Echo, which in recent months raised $50 million in seed and Series A funding, and Chainguard, which recently announced a $280 million growth funding round. Chainguard has raised a total of nearly $900 million and was valued at $3.5 billion prior to the latest funding round. 

The sector’s momentum is further supported by market forecasts. The container security industry is valued at roughly $3 billion in 2025 and is projected to exceed $20 billion over the next decade.

Related: Exposed Docker APIs Likely Exploited to Build Botnet

Related: Docker Desktop Vulnerability Leads to Host Compromise

Related: Docker Hub Users Targeted With Imageless, Malicious Repositories

Latest News

CYBERNEWSMEDIAPublisher