software supply chain security
-
Jun 8, 2026
5 Software Supply Chain Security Best Practices for Development Teams
Learn the key software supply chain security best practices for container-based delivery, from trusted base images and dependency management to build provenance and runtime monitoring.
Aditya TripathiRead now
-
Jun 4, 2026
Hardened Images Explained: Fewer CVEs, Smaller Attack Surface
Learn what hardened container images are, how they reduce CVE exposure by removing unnecessary packages, and why they’re becoming the standard for secure container deployments.
Aditya TripathiRead now
-
Jun 3, 2026
What is Software Supply Chain Security?
Learn what software supply chain security is, why it matters, and how to protect every stage of your software delivery pipeline with container-based infrastructure and trusted content.
Aditya TripathiRead now
-
Scanner Integrations May 5, 2026
Precision Container Security with Docker and Black Duck
The complexity of modern containerized applications often leaves developers drowning in a sea of “noise”—vulnerabilities that exist in the file system but pose zero actual risk to the application. The integration between Black Duck and Docker Hardened Images (DHI) provides a definitive answer to this challenge. By combining Docker’s secure-by-default foundations, using VEX (Vulnerability Exploitability…
Jessy McDermottandDan StelzerRead now
-
Apr 8, 2026
Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io
We recently announced the integration between Mend.io and Docker Hardened Images (DHI) provides a seamless framework for managing container security. By automatically distinguishing between base image vulnerabilities and application-layer risks, it uses VEX statements to differentiate between exploitable vulnerabilities and non-exploitable vulnerabilities, allowing your team to prioritize what really matters. TL;DR: The Developer Value Proposition…
Adam DawsonandDor HayunRead now
-
Mar 3, 2026
Announcing Docker Hardened System Packages
Secure your container stack from the base image down. Docker Hardened System Packages offer multi-distro, secure-by-default components with near-zero CVEs.
Adam DawsonandAditya TripathiRead now
-
Feb 10, 2026
Hardened Images Are Free. Now What?
Docker Hardened Images are now free. Learn the waterline model, supply chain isolation, VEX, and policy automation to cut CVE noise and meet compliance.
Mark LechnerRead now
-
Jan 14, 2026
Safer Docker Hub Pulls via a Sonatype-Protected Proxy
Why a “protected repo”? Modern teams depend on public container images, yet most environments lack a single, auditable control point for what gets pulled and when. This often leads to three operational challenges: Inconsistent or improvised base images that drift across teams and pipelines. Exposure to new CVEs when tags remain unchanged but upstream content…
Anna ChernyshovaandAndrés PérezRead now