The open-source software industry has recently seen significant developments, particularly with Docker, a popular platform that facilitates software development through containerization, announcing the release of more than 1,000 Docker Hardened Images (DHI). These images are now being offered free of charge and have been made open source under the Apache 2.0 license. This move by Docker is expected to benefit over 26 million developers engaged in container-based software creation.<\/p>\n
Docker is known for allowing developers to build, test, and deploy applications swiftly using container images that encapsulate necessary dependencies. This environment ensures consistency and reproducibility across different systems and settings. The Docker Hardened Images, officially launched earlier this year, aim to provide a more secure and streamlined base for Docker users. They are meticulously maintained by Docker to mitigate security vulnerabilities and reduce risks associated with the software supply chain.<\/p>\n
The DHI initiative advocates for a rootless architecture, removing superfluous components, eradicating known vulnerabilities, and employing the Vulnerability Exploitability eXchange (VEX) standard for more efficient security management. Docker commits to addressing identified vulnerabilities in DHI components with fixes issued within seven days of disclosure. <\/p>\n
The company previously announced in October its transition to offering unrestricted access to its extensive catalog of Hardened Images for developer teams, complemented by a 30-day free trial subscription. Following from these initiatives, Docker has now elected to transition DHIs from a commercial product into an open-access resource for developers, with no subscription fees imposed. This strategy could potentially set a new industry standard by providing universally accessible, secure, and minimal production-ready systems upon initial use by developers.<\/p>\n
Despite being free, these images maintain high integrity by being SBOM (Software Bill of Materials)-verifiable, supporting the SLSA Build Level 3 standard for build provenance, and each image verified for authenticity. However, the dedication to patch critical vulnerabilities within seven days remains exclusive to the Enterprise tier, a premium service level still available for those requiring enhanced features. This commercial tier offers additional capabilities such as image modification, runtime configuration, and the integration of supplementary tools, aiming to reduce the critical vulnerability patching time even further.<\/p>\n
The availability of these Docker Hardened Images as open-source tools reflects a substantial shift towards enhancing the security and accessibility of containerized applications, fortifying the development environments against potential threats. With the free tier offering a robust foundation without financial barriers, developers across the globe now have the opportunity to leverage these resources to create secure and efficient software solutions.<\/p>\n","protected":false},"excerpt":{"rendered":"
Docker has announced the release of over 1,000 free Docker Hardened Images, aimed at enhancing secure software development. These images, now open source under the Apache 2.0 license, provide a secure base for containerized applications by addressing security vulnerabilities. This initiative offers developers worldwide access to consistency and security without financial restrictions, potentially setting a new industry standard. While the free tier offers robust security features, a premium enterprise service is available for advanced needs, ensuring rapid vulnerability patching and additional capabilities.<\/p>\n","protected":false},"author":2,"featured_media":3931,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[31],"tags":[27],"class_list":["post-3930","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-awareness","tag-security"],"acf":{"avis_rs":"Security and accessibility without cost barriers\u2014imagine that! Docker\u2019s move to make over 1,000 Hardened Images freely available is more than just a gift; it\u2019s a game-changer for secure software development. By prioritizing security, rooting out vulnerabilities, and offering a comprehensive, verifiable build, Docker isn\u2019t just handing out free resources\u2014they\u2019re setting a new standard. Could this open-access shift be the key to more resilient software ecosystems? How might this influence innovation in your projects? Let's engage and explore possibilities together!"},"_links":{"self":[{"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/posts\/3930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/comments?post=3930"}],"version-history":[{"count":0,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/posts\/3930\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/media\/3931"}],"wp:attachment":[{"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/media?parent=3930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/categories?post=3930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blooo.io\/en\/wp-json\/wp\/v2\/tags?post=3930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}