Software containerization company Docker Inc. said today it’s going to transform application security by enabling developers to standardize on security-hardened, enterprise-grade container images that meet the toughest software supply chain challenges.
From today, the company is making its entire catalog of more than 1,000 Docker Hardened Images available for free, under the open-source Apache 2.0 license. By open-sourcing the full catalog, Docker says, it’s giving developers, project maintainers, hobbyists, businesses and governments the ability to build applications and systems on a more secure foundation, with clear rights and no restrictions on how the images are used.
Docker introduced Docker Hardened Images back in May, saying they have been designed with security at the core. They’re meant to replace standard container images, which are lightweight, standalone packages that include everything needed to run an application, such as its code, runtime, libraries and configurations. They serve as templates to create containers, which are the running instances of these images.
The Hardened Images are minimized, with all but the most essential components stripped out to reduce the attack surface and the potential for vulnerabilities to slip into the underlying code unnoticed. Moreover, they’re continuously maintained and tested to ensure they meet the highest standards of compliance.
With Docker Hardened Images, enterprises can achieve their security and compliance goals without slowing down productivity. As software development accelerates, aided by increased artificial intelligence-driven automation, security guardrails cannot just be bolted on – rather, they must be built into applications at the foundation, Docker argues.
For platform engineers, Docker Hardened Images are a scalable solution to manage secure and compliant container images. Teams can define policies, control provenance and maintain consistency across environments, all from within their existing Docker workflows. Application developers benefit by focusing on building and shipping code, not chasing vulnerabilities, so they can work faster without compromising on security, using hardened, ready-to-use images available via Docker Hub.
While the Hardened Images are now available for free, Docker is offering a new premium service called DHI Enterprise for companies that need customized images, more specific compliance requirements and faster patching. The DHI Enterprise packages feature service level agreement-backed vulnerability remediation, together with customization options for tools, certificates and runtime configuration.

A second paid service launched today is DHI Extended Lifecycle Support, which provides coverage to organizations once upstream support ends for a particular image. This is available as an add-on for enterprises that need continued compliance after software reaches its end-of-life. Docker said any company that has already paid to access its catalog of hardened images will automatically be upgraded to DHI Enterprise at no extra cost.
Docker said it’s also going to extend its hardening methodology to Model Context Protocol servers so as to bring the same security standards to the underlying infrastructure used by AI agents.
Docker President and Chief Operating Officer Mark Cavage said security needs to begin at the earliest point in development and should be universally available to every developer. “By making hardened images freely available, and providing tooling that works with today’s AI coding agents, we’re giving the entire industry and community the best possible baseline to build on,” he said. “This is a foundational shift that strengthens every part of the software supply chain and the Internet.”
The decision to make hardened images freely available may also be a response to the intensifying competition around Docker. Earlier this week, a startup called Echo Software Ltd. raised $35 million in funding to use AI agents to fix container security problems. Echo has built up its own library of vulnerability-free container images, which are built and maintained by agents with human oversight. Echo’s pitch is that it’s constantly monitoring the Common Vulnerabilities and Exposures database so it can immediately create and ship fixes for any new bugs discovered in the most popular open-source software projects.
RedMonk analyst James Governor said he welcomes the shift to more secure images, because software supply chain attacks have become a severe problem for enterprises. “Making Docker Hardened Images free and pervasive should underpin faster, more secure software delivery across the industry by making the right thing the easy thing for developers,” he said.