The new standard for building securely
Multi-distro compatibility
Near-zero CVEs
Transparent SBOMs
Provenance you can trust
What makes DHI different
Drop-in Adoption
Swap the base image and get instant security gains.
Apache 2.0 on Open Distros
You can migrate to and from with freedom and without surprises. Pay when you need stronger SLAs, compliance, or to leverage our build service.
Easiest path to secure supply chain
Drop-in replacements that require minimal changes. Our event-driven build system keeps images continuously updated, and secure customization allows you to tailor hardened images without breaking provenance.
Full transparency
Signed SBOMs and SLSA Level 3 provenance, with complete CVE data.
Built for Developers, hardened for security
When upstream stops, your protection continues. Up to 5 extra years of hardened patching, SBOMs and provenance.
Up and running in seconds
“For the first time, I don’t have to worry about what’s hiding in our base images. That mental overhead is gone, and we can finally focus on the security challenges that are unique to Attentive.”
Jacob Rickerd
Principal Security Engineer at Attentive
A complete security model
forward for organizations operating at scale.
DHI
$
$
Includes:
Hardened, minimal images
Near-zero CVEs
Verifiable SBOMs & SLSA Level 3
provenance
Full, unsuppressed CVE visibility
Drop-in adoption, no workflow
changes
Open source under Apache 2.0
Included usage:
List Item #1
default list item text
DHI Enterprise
$
$
Includes:
Critical CVE fixes <7 days
FIPS/STIG variants
Image lifecycle management with
customization
Built on Docker’s secure build
system
Included usage:
List Item #1
default list item text
DHI ELS
$
$
Includes:
+5 years of hardened updates
Updated SBOMs & provenance
Maintains compliance post-EOL
Protects long-lived workloads
Included usage:
List Item #1
default list item text
Trusted by the ecosystem
“Security shouldn’t be a premium feature. By making hardened images free, Docker is letting every developer—not just big enterprises—start with a safer foundation. We love seeing tools that reduce noise and toil, and we’re ready to run these secure workloads on Google Cloud from day one.”
Ryan J Salva
Senior Director of Product, Developer Experiences
“At MongoDB, we believe open source plays a central role in how modern software is built, enabling flexibility, choice, and developer productivity. That’s why we’re excited about free Docker Hardened Images for MongoDB. These images provide trusted, ready-to-deploy building blocks on proven Linux foundations such as Alpine and Debian, and with an Apache 2.0 license, they remain fully open source and free for anyone to use. With Docker Hub’s global reach and MongoDB’s commitment to reliability and safety, we are making it easier to build with confidence on a secure and open foundation for the future.”
Jim Scharf
Chief Technology Officer, MongoDB
“Docker’s move to make its hardened images freely available under Apache 2.0 underscores its strong commitment to the open source ecosystem. Many CNCF projects can already be found in the DHI catalog, and giving the broader community access to secure, well-maintained building blocks helps us strengthen the software supply chain together. It’s exciting to see Docker continue to invest in open collaboration and secure container infrastructure.”
Jonathan Bryce
Executive Director, Cloud Native Computing Foundation
DHI vs. the Alternatives
|
Docker Hardened Images |
Others |
|
|---|---|---|
|
Distro |
Alpine/Debian |
Proprietary |
|
License |
Apache 2.0 |
Mixed |
|
Access |
Free, full catalog |
Trials / paywalled |
|
Adoption |
Drop-in migration |
Requires workflow changes |
|
Security |
Minimal, near-zero CVEs, SLSA Build L3 |
Inconsistent |
|
Transparency |
SBOMs & Provenance |
Partial visibility (suppressed CVEs, proprietary scoring) |
|
Lifecycle |
ELS provides up to 5 years |
Typically ends up to 6 months |
Docker Hardened Images are now available to every developer
Join Docker leadership on January 13, 11 a.m. ET for a deep dive into the most significant shift in container security in a decade.
Register
Hardened Images for everyone
Docker Hardened Images are now free and open source under Apache 2.0.
Read
Containers are the new supply chain attack vector
Docker engineers break down the five pillars of supply chain security and why minimal, non-root images are a safer default.
Watch