Docker Makes 1,000 Hardened Images Free and Open Source

Docker has opened access to more than 1,000 hardened container images, making them free and open source for developers worldwide. These images, initially part of Docker’s commercial Hardened Images (DHI) catalog, are designed to strengthen software supply chain security and reduce vulnerabilities in production environments.

Launched in May, the DHI catalog offers continuously scanned and updated images that minimize exploitable CVEs, run as non-root by default, and maintain a minimal footprint to reduce the attack surface. The images also meet compliance standards and are available across multiple distributions.

The DHI initiative was developed in collaboration with industry leaders including Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz. Each image comes with proof of authenticity, an SBOM, CVE data, and SLSA Build Level 3 provenance to ensure transparency and traceability.

While the basic DHI images are now freely available, Docker continues to offer commercial versions for enterprises with stricter security or regulatory requirements.

Securing the Container Supply Chain

As cybercriminals increasingly target vulnerabilities in the software supply chain, securing containerized applications has become critical. This urgency is reflected in the recent surge of venture capital investment in startups specializing in secure, vulnerability-free container images.

Notable examples include Echo, which raised $50 million across seed and Series A funding, and Chainguard, which recently announced a $280 million growth round. Chainguard’s total funding approaches $900 million, with a pre-funding valuation of $3.5 billion.

The container security market, valued at approximately $3 billion in 2025, is projected to grow exponentially, exceeding $20 billion over the next decade, highlighting the increasing demand for hardened, production-ready images.

Docker’s move to open-source its hardened images is expected to accelerate adoption, helping developers reduce risk while fostering innovation in secure container deployment.
