 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Companies such as Docker and Bitnami have long offered ready-to-run application stacks and images for businesses that wanted easy-to-deploy server container images. Then Chainguard came along and offered developers and sysadmins secure, hardened container images. The race for the secure container market was on.
Now, Docker has upped its game by launching Docker Hardened Images (DHI). This new curated catalog of security-hardened, enterprise-grade container images addresses escalating software supply chain threats. The offering, now available through Docker Hub, is designed to help developers, security engineers and platform teams deploy secure containers without disrupting established workflows.
According to Michael Donovan, Docker’s vice president of product, via a statement, “The complexity of securing container dependencies shouldn’t fall squarely on developers’ shoulders. With Docker Hardened Images, we’re making it easier for teams to build with trusted and verified components that meet enterprise-grade security and compliance standards without adding friction to their workflow.”
The key features of DHI include:
Docker is not alone as it launches these new secure images. Its partners, such as Cloudsmith, GitLab, JFrog, Microsoft, Neo4j, Sonatype and Wiz are also supporting the DHI ecosystem.
What it all boils down to, according to Steven Dickens, CEO and principal analyst at HyperFRAME Research, is that Docker Hardened Images are “a major step forward in software supply chain assurance,” highlighting Docker’s established trust and scale in the developer ecosystem.” Oron Noah, VP of product at Wiz, added, “Wiz is excited to see Docker entering the container vulnerability management space with their Hardened Images offering.”
Does this offering sound familiar? It should. This is pretty much what Chainguard provides to its customers with its Chainguard Images.
Indeed, back in March 2024, Chainguard and Docker formed a strategic partnership to offer Chainguard’s secure, hardened container images to millions of developers via Docker Hub through the Docker Verified Publisher (DVP) program.
Going forward, both Docker and Chainguard will be focused on delivering secure, minimal and continuously updated container images that address modern compliance and vulnerability management needs.
The major differences between the two are that DHI is, obviously, built into the familiar Docker workflow with links into its partner ecosystem. Chainguard, on the other hand, attempts to deliver images with zero common vulnerabilities and exposures (CVEs) via its rapid remediation and daily rebuild mechanisms.
Both Docker and Chainguard are responding to industry demand for trusted, scalable solutions that reduce container risk without slowing development. Docker leverages its massive developer base and the ubiquity of Docker Hub to deliver hardened images directly into existing workflows. Chainguard, meanwhile, positions itself as the “safe source for open source,” with a focus on eliminating CVEs entirely, rapid patching and compliance for highly regulated environments.
They’re not the only companies operating in this new marketspace. Red Hat offers Universal Base Images (UBI); Wiz has its WizOS hardened, minimal, near-zero-CVE container base images; RapidFort offers Curated Images; and Canonical has Chiseled Images.
However, as Chainguard pointed out in its The State of Hardened Container Images Report, it’s not that easy to create truly secure images with minimal CVEs. Indeed, in some efforts, such as with the U.S. Air Force’s Iron Bank, the 50 most downloaded images average 110 CVEs. That’s not good enough.
With both Docker and Chainguard focusing on producing secure images, I see the overall quality of these locked-down container images improving.
