software supply chain security Archives

Apr 8, 2026

Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io

We recently announced the integration between Mend.io and Docker Hardened Images (DHI) provides a seamless framework for managing container security. By automatically distinguishing between base image vulnerabilities and application-layer risks, it uses VEX statements to differentiate between exploitable vulnerabilities and non-exploitable vulnerabilities, allowing your team to prioritize what really matters. TL;DR: The Developer Value Proposition…

Read now

Announcing Docker Hardened System Packages

Secure your container stack from the base image down. Docker Hardened System Packages offer multi-distro, secure-by-default components with near-zero CVEs.

Read now

Hardened Images Are Free. Now What?

Docker Hardened Images are now free. Learn the waterline model, supply chain isolation, VEX, and policy automation to cut CVE noise and meet compliance.

Mark Lechner

Read now

Jan 14, 2026

Safer Docker Hub Pulls via a Sonatype-Protected Proxy

Why a “protected repo”? Modern teams depend on public container images, yet most environments lack a single, auditable control point for what gets pulled and when. This often leads to three operational challenges: Inconsistent or improvised base images that drift across teams and pipelines. Exposure to new CVEs when tags remain unchanged but upstream content…

Read now

theCUBE Research economic validation of Docker’s development platform

Docker’s ROI and impact on agentic AI, security, and developer productivity. theCUBE Research surveyed ~400 IT and AppDev professionals at leading global enterprises to investigate Docker’s ROI and impact on agentic AI development, software supply chain security, and developer productivity. The industry context is that enterprise developers face mounting pressure to rapidly ship features, build…

John H. Ayub

Read now