Setting Docker Hardened Images free (Interview)

Summary of Setting Docker Hardened Images free (Interview)

by Changelog Media

1h 16mFebruary 4, 2026
Listen to Episode

Overview of Setting Docker Hardened Images free (Interview)

This episode of The Changelog features Tushar Jan, EVP of Engineering at Docker, discussing Docker Hardened Images (DHI): what they are, why Docker made them free/open-source, the technical guarantees they provide, how they fit into supply‑chain security, and how Docker plans to extend this work into secure build pipelines and safe runtimes for AI agents. The interview covers practical developer tradeoffs, adoption, partner integrations, and the roadmap (system packages, language packs, secure builds, and agent sandboxes).

Key points & main takeaways

  • Docker Hardened Images (DHI) are minimal, production‑ready base and app images focused on low CVE surface, signed provenance, and reproducible builds.
  • Docker made most of DHI free and open source (Apache 2) so anyone building software has a secure starting point; paid tiers remain for enterprise SLA, FIPS/STIG, long‑term support, and advanced compliance features.
  • Table‑stakes guarantees included with free DHI: SBOMs, SLSA (pronounced “SALSA”) build provenance (they aim for SLSA Level 3), cryptographic signing, and VEX (vulnerability/exploitability) statements to reduce scanner noise and improve transparency.
  • Docker replaced ad‑hoc Dockerfile builds for DHI with a reproducible semantic YAML build layer (still using buildkit underneath) and open‑sourced the builder.
  • DHI includes automated scanning (Scout health score), checks for embedded secrets/malware, and publishes full transparency about vulnerabilities and which are considered non‑exploitable via VEX.
  • Docker’s strategic view: because Docker sits at a core place in the software supply chain, it has both responsibility and opportunity to raise the default security posture across the ecosystem.
  • Future roadmap: expand hardened system and language packages, offer long‑term patches as a paid option, expose secure build pipelines more broadly, and build secure runtimes/sandboxes for AI agents (microVMs, network proxies, credential injection, trusted MCP/MCP registries).

What Docker Hardened Images (DHI) are

  • Minimal curated container images (base and app images) maintained and patched by Docker to reduce attack surface.
  • Provide SBOMs (Software Bill of Materials) showing everything in an image, signed build provenance (SLSA), and VEX statements that mark which CVEs are not exploitable in that image & why.
  • Cataloged images (1000+ hardened images and Helm charts referenced) built atop familiar distros (Debian/Alpine variants) with automated scanning and a visible health score (Scout).
  • Free/open source for broad adoption; enterprise features available under paid plans.

Technical details (concise)

  • SBOM: full list of bundled packages and transitive dependencies, signed and consumable by scanners.
  • SLSA (Salsa in the interview): an open standard for secure/reproducible builds. DHI aims for SLSA Level 3 builds and has open‑sourced its builder.
  • VEX: vulnerability exploitability exchange/annotation. DHI publishes vulnerabilities transparently and includes VEX assertions indicating which CVEs are not exploitable (to reduce false alarms and scanner noise).
  • Build system: Docker moved from free‑form Dockerfiles to a constrained, semantic YAML build description to ensure reproducibility and meet SLSA requirements; buildkit is still used under the hood.
  • Scout health score: Docker’s scanning engine that rates images (A grade expected for DHI). Criteria include critical/high CVEs, signed attestations, embedded secrets, malware checks, etc.

Developer impact, tradeoffs & migration advice

  • Benefits: easier secure baseline, fewer vulnerabilities, SBOM/provenance for audits, faster patching, simpler compliance for open‑source projects.
  • Tradeoffs: reduced “usability‑first” tooling (may lack shell, package managers in production images). Recommended patterns:
    • Use development images (with debugging tools) for dev; multi‑stage builds to produce minimal production images.
    • If you need additional packages, Docker can customize and still preserve SBOM/SLSA/VEX.
    • For complex migrations, Docker plans agent tools to automate and assist migration.
  • Docker’s stance: “There’s really no reason not to use Docker Hardened Images” for most projects.

Adoption, ecosystem & partnerships

  • DHI was launched as a paid product earlier in 2025; Docker made the catalog freely available and open source in December 2025 to drive broad adoption and create a secure default.
  • Partners and integrations include cloud providers, scanners (Wiz etc.), security vendors (Socket), CI/CD tools, and enterprise platforms (Microsoft was an early integrator). Docker aims to work closely with partners for registry, CI, and runtime integrations.
  • Docker expects the free tier to accelerate adoption and funnel enterprise customers to paid, SLA-backed offerings.

Notable quotes & soundbites

  • “Start green, stay green.” — encapsulates Docker’s goal of making secure images the default starting point.
  • “There’s really no reason not to use Docker Hardened Images.” — on when to adopt DHI.
  • DHI vision: secure the entire supply chain and create a secure runtime for untrusted workloads (AI agents).

Roadmap and future directions

  • Short/near-term:
    • Expand catalog coverage (system packages, more language packaging).
    • Offer paid long‑term support (LTS) patches for enterprise.
    • Release agent tools to help migration.
  • Medium-term:
    • Expose a globally available secure build pipeline for others to use (SLSA‑compliant builder).
    • Improve integrations with other registries, scanners, CSPs, and CI systems.
  • AI & runtime work:
    • Build secure runtimes for AI agents (Docker Sandboxes / microVMs, network proxies, credential injection, access control).
    • Trusted MCP servers and registries to vet agent capabilities and limit supply‑chain risk when using third‑party agent components.
    • Seamless local & cloud runtime experience — an “AIDE” (AI Development Environment) that lets users run agents safely locally or in the cloud.

Practical recommendations / action items

  • If you maintain images or run containers:
    • Try DHI (free) as your base image; run tests for any packages your app needs and use multi‑stage builds for production.
    • Inspect SBOMs, SLSA attestations, and VEX statements to understand provenance and exploitability.
    • Integrate VEX‑aware scanners and monitor Scout health scores.
  • For platform/security teams:
    • Consider adding DHI to your internal policies and evaluate enterprise options for SLA / LTS / compliance.
    • Collaborate with CI/CD and registry vendors to ensure DHI fits your pipeline and attestation standards.
  • For organizations planning to use coding agents:
    • Start planning for secure runtimes and agent governance (credential injection, network proxies, least privilege).
    • Prefer sandboxes / microVMs and vetted MCP services rather than running arbitrary code directly on developer machines or CI runners.

Recommended listening / follow-ups

  • Explore Docker’s DHI catalog and individual image security pages (SBOM, Scout score, vulnerabilities, VEX).
  • Watch for Docker’s secure build builder repo and documentation (they’ve open‑sourced their builder).
  • Track Docker Sandboxes and runtime announcements for evolving agent sandboxing / AIDE features.

Closing note

Docker’s move to make Hardened Images free and open-source is positioned as both an ethical and strategic shift: raising the security baseline across the wider ecosystem while driving enterprise adoption of paid compliance and LTS features. The work goes beyond images — toward reproducible builds, transparent vulnerability statements, secure runtimes for AI agents, and a vision of default‑secure software delivery.