software supply chain security
-
Jun 25, 2026
EU Cyber Resilience Act: Overview, Requirements, and Timelines
Learn what the EU Cyber Resilience Act requires, including SBOM mandates, vulnerability reporting, and compliance deadlines for container teams.
Read now
-
Jun 23, 2026
What is an SBOM (and Why Can’t You Ship Without One)?
Learn what a software bill of materials (SBOM) is, why it matters for supply chain security, how to generate one, and what formats and standards to use.
Read now
-
Jun 8, 2026
5 Software Supply Chain Security Best Practices for Development Teams
Learn the key software supply chain security best practices for container-based delivery, from trusted base images and dependency management to build provenance and runtime monitoring.
Read now
-
Jun 4, 2026
Hardened Images Explained: Fewer CVEs, Smaller Attack Surface
Learn what hardened container images are, how they reduce CVE exposure by removing unnecessary packages, and why they’re becoming the standard for secure container deployments.
Read now
-
Jun 3, 2026
What is Software Supply Chain Security?
Learn what software supply chain security is, why it matters, and how to protect every stage of your software delivery pipeline with container-based infrastructure and trusted content.
Read now
-
Scanner Integrations May 5, 2026
Precision Container Security with Docker and Black Duck
The complexity of modern containerized applications often leaves developers drowning in a sea of “noise”—vulnerabilities that exist in the file system but pose zero actual risk to the application. The integration between Black Duck and Docker Hardened Images (DHI) provides a definitive answer to this challenge. By combining Docker’s secure-by-default foundations, using VEX (Vulnerability Exploitability…
Read now
-
Apr 8, 2026
Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io
We recently announced the integration between Mend.io and Docker Hardened Images (DHI) provides a seamless framework for managing container security. By automatically distinguishing between base image vulnerabilities and application-layer risks, it uses VEX statements to differentiate between exploitable vulnerabilities and non-exploitable vulnerabilities, allowing your team to prioritize what really matters. TL;DR: The Developer Value Proposition…
Read now
-
Mar 3, 2026
Announcing Docker Hardened System Packages
Secure your container stack from the base image down. Docker Hardened System Packages offer multi-distro, secure-by-default components with near-zero CVEs.
Read now