Docker Blog
-
Nov 26, 2025
Security that strengthens the ecosystem: Docker’s upstream approach to CVE-2025-12735
On November 24, 2025, Docker Hardened Images resolved CVE-2025-12735 in the Kibana project, which is the visualization and user interface layer for Elasticsearch. This CVE is a critical remote code execution vulnerability that scored 9.8 on the CVSS scale. While images from other hardened image vendors were still carrying the vulnerability, Docker’s security team and…
Laurent GoderreRead now
-
Nov 25, 2025
A New Approach for Coding Agent Safety
Coding agents like Claude Code, Gemini CLI, Codex, Kiro, and OpenCode are changing how developers work. But as these agents become more autonomous with capabilities like deleting repos, modifying files, and accessing secrets, developers face a real problem: how do you give agents enough access to be useful without adding unnecessary risk to your local…
Srini SekaranandEric JiaRead now
-
Nov 25, 2025
Securing the software supply chain shouldn’t be hard. According to theCUBE Research, Docker makes it simple
In today’s software-driven economy, securing software supply chains is no longer optional, it’s mission-critical. Yet enterprises often struggle to balance developer speed and security. According to theCUBE Research, 95% of organizations say Docker improved their ability to identify and remediate vulnerabilities, while 79% rate it highly effective at maintaining compliance with security standards. Docker embeds…
John H. AyubandAditya TripathiRead now
-
Nov 24, 2025
Security that moves fast: Docker’s response to Shai Hulud 2.0
On November 21, 2025, security researchers detected the beginning of what would become one of the most aggressive npm supply chain attacks to date. The Shai Hulud 2.0 campaign compromised over 25,000 GitHub repositories within 72 hours, targeting packages from major organizations including Zapier, ENS Domains, PostHog, and Postman. The malware’s self-propagating design created a…
Christian DupuisandQuentin LaplancheRead now
-
Nov 21, 2025
The Rising Importance of Governance at SwampUP Berlin 2025
On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We’d like to thank the folks at JFrog for having us there and putting on such a great show! Here’s our takeaways from the event about software…
Bogdan SporeaandDan StelzerRead now
-
Nov 21, 2025
How Docker Hardened Images Patches Vulnerabilities in 24 hours
See how Docker Hardened Images patched Golang SSH CVEs in under 24 hours with Scout real-time CVE ingestion, automated rebuilds, SBOM clarity, and AI guardrails.
Christian DupuisRead now
-
Guest Contributor Nov 21, 2025
Beyond the Hype: How to Use AI to Actually Increase Your Productivity as a Dev
Adopt a practical AI coding loop—prompt, plan, produce, refine—to ship better code faster. Agentic tools and context management turn AI into real gains.
Cameron PaveyRead now
-
Nov 20, 2025
Docker Model Runner Integrates vLLM for High-Throughput Inference
New: vLLM in Docker Model Runner. High-throughput inference for safetensors models with auto engine routing for NVIDIA GPUs using Docker.
Dorin Geman,Eric Curtin,andIgnasi Lopez LunaRead now