The new standard for building securely
Multi-distro compatibility
Near-zero CVEs
Transparent SBOMs
Provenance you can trust
What makes DHI different
Drop-in Adoption
Swap the base image and get instant security gains.
Apache 2.0 on Open Distros
You can migrate to and from with freedom and without surprises. Pay when you need stronger SLAs, compliance, or to leverage our build service.
Easiest path to secure supply chain
Drop-in replacements that require minimal changes. Our event-driven build system keeps images continuously updated, and secure customization allows you to tailor hardened images without breaking provenance.
Built with Docker-Maintained Packages
Every DHI image is built with system packages that Docker builds, patches, and maintains directly from upstream source.
Full Transparency
Signed SBOMs and SLSA Level 3 provenance, with complete CVE data.
Built for Developers, hardened for security
When upstream stops, your protection continues. Up to 5 extra years of hardened patching, SBOMs and provenance.
Security that outlasts upstream
CVE patching continues after upstream EOL
SBOMs and provenance maintained throughout
Covers the images you rely on most: Node, Python, PostgreSQL, and more
Up and running in seconds
“For the first time, I don’t have to worry about what’s hiding in our base images. That mental overhead is gone, and we can finally focus on the security challenges that are unique to Attentive.”
Jacob Rickerd
Principal Security Engineer at Attentive
A complete security model
forward for organizations operating at scale.
Free for every developer
What’s included:
Hardened, minimal images
Near-zero CVEs
Verifiable SBOMs & SLSA Build L3 provenance
Full, unsuppressed CVE visibility
Drop-in adoption, no workflow changes
Full catalog of open source images under Apache 2.0
Built with Docker Hardened System Packages
Upstream cadence for Docker-released patches
Starting at $5k/repo
Everything in community, plus:
FIPS/STIG variants
Critical CVE fixes < 7 days with SLA-backed continuous patching
Up to 5 customizations per repo (including system packages)
Contact us for pricing
Everything in select, plus:
Critical CVE fixes < 7 days with SLA-backed continuous patching
FIPS/STIG variants
Unlimited customizations, including system packages
Access to Hardened System Packages repo
Full catalog access available
ELS add-on available
Extended Lifecycle Support
Add on
Security and compliance for end-of-life software. Requires DHI Enterprise.
+5 years of hardened updates
Maintains security updates after upstream EOL
SBOMs & provenance
Protects long-lived workloads
Trusted by the ecosystem
DHI vs. the Alternatives
| | Docker Hardened Images | Others |
|---|---|---|
| Distro | Alpine/Debian | Proprietary |
| License | Apache 2.0 | Mixed |
| Access | Free, full catalog | Trials / paywalled |
| Adoption | Drop-in migration | Requires workflow changes |
| Security | Minimal, near-zero CVEs, SLSA Build L3 | Inconsistent |
| Transparency | SBOMs & Provenance | Partial visibility (suppressed CVEs, proprietary scoring) |
| Lifecycle | ELS provides up to 5 years | Typically ends up to 6 months |

Docker Hardened Images are now available to every developer
Hear how containers shaped the trust model we rely on today at Docker, and what AI-driven systems mean for the next chapter of software supply chain security.
Hardened Images for everyone
Docker Hardened Images are now free and open source under Apache 2.0.
Containers are the new supply chain attack vector
Docker engineers break down the five pillars of supply chain security and why minimal, non-root images are a safer default.