Docker Secure Images Now Available as Open Source and Free of Charge


Over 1,000 Docker Hardened Images (DHI) are now freely accessible and open source for software developers, licensed under Apache 2.0.

Docker is a widely used platform that lets developers efficiently build, test, and deploy applications within container images that include all necessary dependencies. This setup ensures consistent and repeatable outcomes across different systems and environments.

Launched in May this year, DHIs are secure, streamlined, and production-ready Docker base images, directly maintained by Docker. They are crafted to lessen the attack surface and supply-chain risks at the container level.

DHIs are rootless, devoid of unnecessary components, free from known vulnerabilities, and support the Vulnerability Exploitability eXchange (VEX) standard for streamlined security management.

Docker guarantees that fixes for new flaws in existing DHI components will be pushed within seven days of their disclosure.

This October, the Docker team announced it would open up unlimited access to its entire catalog of 1,000 DHIs for all developer teams, along with a 30-day free trial for all subscribers.

Docker opted to transition DHIs from a commercial offering to being accessible subscription-free for all developers.

“Today, we are establishing a new industry standard by making DHI freely available and open source for anyone involved in software development. All 26 Million+ developers in the container ecosystem are welcome,” noted the announcement.

“DHI is completely open and free for use, sharing, and building, with no licensing surprises, supported by an Apache 2.0 license. DHI now provides a secure and minimal production-ready foundation from the very first pull,” said the company.

Docker has assured that this move does not compromise security for DHI, as the images remain SBOM-verifiable, the builds offer SLSA Build Level 3 provenance, and every image comes with proof of authenticity.

However, the seven-day critical CVE patching commitment (SLA) remains exclusive to the commercial tier, DHI Enterprise, which is still available. While patches will still be offered to the free tier, they won’t adhere to a defined timeframe.

Regarding DHI Enterprise’s flaw-fixing time, Docker aims to reduce it to one day or less. The commercial tier also allows modifications to DHI images, runtime configurations, and the installation of additional tools.

Docker users can explore the complete DHI catalog along with subscription options here.
