Expanding Docker Hardened Images: Secure Helm Charts for Deployments
Development teams are under growing pressure to secure their software supply chains. Teams need trusted images, streamlined deployments, and compliance-ready tooling from partners they can rely on long term. Our customers have made it clear that they’re not just looking for one-off vendors. They’re looking for true security partners across development and deployment.
That’s why we are now offering Helm charts in the Docker Hardened Images (DHI) Catalog. These charts simplify Kubernetes deployments and make Docker a trusted security partner across the development and deployment lifecycle.
Bringing security and simplicity to Helm deployments
Helm charts are the most popular way to package and deploy applications to Kubernetes, with 75% of users preferring to use them, according to CNCF surveys. With security incidents making headlines more often, confidence now depends on having security and traceability built into every deployment.
Helm charts in the DHI Catalog make it simple to deploy hardened images to production Kubernetes environments. Teams no longer need to worry about insecure configurations, unverified sources, or vulnerable dependencies. Each chart is built with our hardened build system, providing signed provenance and clear traceability so you know exactly what you are deploying every time.
Supporting customers in the wake of Broadcom changes
Broadcom recently announced changes to Bitnami’s distribution model. Most images and charts have moved into a commercial subscription, older versions are archived without updates, and only a limited set of :latest tags remain free for use.
For teams affected by this change, Docker offers a clear path forward:
- Free Docker Official Images, which can be paired with upstream Helm charts for stable, open source deployments
- Docker Hardened Images with Helm charts in the DHI Catalog for enterprise-grade security and compliance
Many teams have relied on Bitnami for images and charts. Helm charts in the DHI Catalog now give teams the option to partner with Docker for secure, compliant deployments, with consistent coverage from development through deployment.
If your team is evaluating alternatives, we invite you to join the beta program. Sign up through our interest form to test Helm charts in the DHI Catalog and help guide their development.
What Helm charts in the DHI Catalog offer
Helm charts in the DHI Catalog are available today in beta. Beta offerings are early versions of future functionality that give customers the opportunity to test, validate, and share feedback. Your input directly shapes how we refine these charts before general availability.
The Helm charts in the DHI Catalog include:
- DHI by default: Every chart automatically references Docker Hardened Images, ensuring deployments inherit DHI’s security, compliance, and SLA-backed patching without manual intervention.
- Regular updates: New upstream versions and DHI CVE fixes automatically flow into chart releases.
- Enterprise-grade security: Charts are built with our SLSA Level 3 build system and include signed provenance for compliance.
- Customer-driven roadmap: We are guided by your feedback, so your input has a direct impact on what we prioritize.
Docker’s Trusted Image Catalogs: DHI and more
It’s worth noting that whether you’re looking for community continuity or enterprise-grade assurance, Docker has you covered:
|
Docker Official Images (DOI) |
Docker Hardened Images (DHI) |
|
Free and widely available |
Enterprise-ready |
|
Maintained with upstream communities |
Minimal, non-root by default, near-zero CVEs |
|
Billions of pulls every month |
SLA-backed with fast CVE patching |
|
Stable, trustworthy foundation |
Compliance-ready with signed provenance and SBOMs |
Together, DOI and DHI give organizations choice: a free, stable foundation for development, or an enterprise-grade hardened catalog with charts for production. If you rely on Docker Official Images, rest assured: they remain free, stable, and community-driven. You can rely on them for a solid foundation for your open source workloads.
Join the beta: Help shape Helm charts in the DHI Catalog
Helm charts in the DHI Catalog are now in invite-only beta as of October 2025. We are working closely with a set of customers to prioritize which charts matter most and ensure migration is smooth.
Participation is open via our interest form, and we welcome your feedback.
Sign up for the beta today!
About the Authors
Sr. Principal Product Marketing Manager, Docker
Aditya Tripathi leads product marketing for Docker’s security portfolio, specializing in secure defaults, supply chain risk, and making security useful for devs.
UX Researcher, Docker
Related Posts
-
May 12, 2026
Docker AI Governance: Unlock Agent Autonomy, Safely
Introducing Docker AI Governance: centralized control over how agents execute, what they can reach on the network, which credentials they can use, and which MCP tools they can call, so every developer in your company can run AI agents safely, wherever they work. Your laptop is the new prod Agents are the biggest productivity unlock…
Srini SekaranRead now
-
Jun 16, 2026
Docker Content Trust: Retirement and Migration Guidance
Docker Content Trust (DCT) and the Notary v1 service at notary.docker.io are being fully retired (first announced in July of 2025). This blog explains what is changing, who is affected, and how to move to modern alternatives.
Julia WilsonandAditya TripathiRead now
-
Jun 15, 2026
Docker joins the Athena coalition: a cross-industry collaboration for supply chain security
AI is lowering the bar for supply chain attacks. Docker is joining the Athena alliance, a cross-industry effort to coordinate the defense of open source, building on our work to give every developer secure-by-default tools and our track record of sharing signals across the ecosystem.
Tushar JainRead now
-
Jun 11, 2026
Docker Hardened Images enhanced vulnerability scanning with Docker and Aikido
Aikido now scans Docker Hardened Images (DHI) with built-in VEX support. Vulnerabilities that Docker has verified as non-exploitable drop out of the queue automatically, so developers spend their time on findings that actually matter. This post walks through what changed, why it matters, and how users can benefit from the new integration. Why teams are…
Dan StelzerandBjorn HovdRead now
