Docker Makes 1,000 Hardened Images Free and Open Source

Millions of developers can now use the secure, production-ready images made by Docker.

Docker announced this week that it has made more than 1,000 secure images free and open source for developers.

In May, the company announced the release of Docker Hardened Images (DHI), a catalog of hardened images designed to help strengthen enterprise supply chain security. 

The images are continuously scanned and updated to eliminate exploitable CVEs, or at least keep their number to a minimum.

In addition, the images run as non-root by default, are minimal to reduce the attack surface, meet compliance standards, and are available for multiple distributions.

The DHI catalog was created in partnership with software development and security companies such as Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz.

When they were launched, the hardened images were part of a commercial offering and placed behind a paywall. However, Docker announced this week that DHI is now free and open source, with more than 1,000 hardened images made available to all developers. 

According to Docker, for transparency, every image comes with proof of authenticity, an SBOM, CVE data, and SLSA Build Level 3 provenance.

While the basic DHI is now available for free, Docker is still offering commercial versions for enterprises with strict security or regulatory needs. 

With attackers increasingly exploiting vulnerabilities within the software supply chain, securing containers has become a mission-critical imperative. The importance of this area is underscored by a surge in venture capital towards startups that offer hardened, vulnerability-free container images. 

Examples include Echo, which in recent months raised $50 million in seed and Series A funding, and Chainguard, which recently announced a $280 million growth funding round. Chainguard has raised a total of nearly $900 million and was valued at $3.5 billion prior to the latest funding round. 

The sector’s momentum is further supported by market forecasts. The container security industry is valued at roughly $3 billion in 2025 and is projected to exceed $20 billion over the next decade.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
