Docker introduced this week that it has made greater than 1,000 safe pictures free and open supply for builders.
In Could, the corporate introduced the discharge of Docker Hardened Pictures (DHI), a catalog of hardened pictures designed to assist strengthen enterprise provide chain safety.
The pictures are constantly scanned and up to date to remove — or no less than preserve to a minimal — the variety of exploitable CVEs.
As well as, the photographs run as non-root by default, they’re minimal to scale back the assault floor, they meet compliance requirements, and can be found for a number of distributions.
The DHI catalog was created in partnership with software program growth and safety firms equivalent to Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig, and Wiz.
Once they had been launched, the hardened pictures had been a part of a business providing and positioned behind a paywall. Nevertheless, Docker introduced this week that DHI is now free and open supply, with greater than 1,000 hardened pictures made out there to all builders.
Based on Docker, for transparency, each picture comes with proof of authenticity, an SBOM, CVE knowledge, and SLSA Construct Stage 3 provenance.
Whereas the fundamental DHI is now out there totally free, Docker continues to be providing business variations for enterprises with strict safety or regulatory wants. Commercial. Scroll to proceed studying.
With attackers more and more exploiting vulnerabilities throughout the software program provide chain, securing containers has develop into a mission-critical crucial. The significance of this space is underscored by a surge in enterprise capital in the direction of startups that provide hardened, vulnerability-free container pictures.
Examples embody Echo, which in latest months raised $50 million in seed and Collection A funding, and Chainguard, which lately introduced a $280 million progress funding spherical. Chainguard has raised a complete of practically $900 million and was valued at $3.5 billion previous to the most recent funding spherical.
The sector’s momentum is additional supported by market forecasts. The container safety business is valued at roughly $3 billion in 2025 and is projected to exceed $20 billion over the following decade.
Associated: Uncovered Docker APIs Seemingly Exploited to Construct Botnet
Associated: Docker Desktop Vulnerability Results in Host Compromise
Associated: Docker Hub Customers Focused With Imageless, Malicious Repositories
