Every organization we speak with shares the same goal: to deliver software that is secure and free of CVEs. Near-zero CVEs is the ideal state. But achieving that ideal is harder than it sounds, because paradoxes exist at every step. Developers patch quickly, yet new CVEs appear faster than fixes can ship. Organizations standardize on open source, but every dependency introduces fresh exposure. Teams are asked to move at startup speed, while still delivering the assurances expected in enterprise environments.
The industry has tried to close this gap and chase the seemingly impossible goal of near-zero CVEs. Scanners only add to the challenge, flooding teams with alerts more noise than signal. Dashboards spotlight problems but rarely deliver solutions. Hardened images hold real promise, giving teams a secure starting point with container images free of known vulnerabilities. But too often, they’re locked behind a premium price point. Even when organizations can pay, the costs don’t scale, leaving uneven protection and persistent risk.
That changes today. We’re introducing unlimited access to the Docker Hardened Images catalog, making near-zero CVEs a practical reality for every team at an affordable price. With a single Hardened Images subscription, every team can access the full catalog: unlimited, secured, and always up to date. Logged in users will be able to access a one-click free trial, so teams can see the impact right away.
This launch builds on something we’ve done before. With Docker Hub, we made containers accessible to every developer, everywhere. What was once complex, niche, and difficult to adopt became simple and universal. Now, Docker can play that same role in securing the ecosystem.
Every developer’s journey, whether they realize it or not, often begins with Docker Hub, and the first step in that journey should be secure by default, with hardened, trusted images accessible to everyone, without a premium price tag.
What makes Docker Hardened Images different
Unlimited access to the Docker Hardened Images catalog isn’t just another secure image library, it’s a comprehensive foundation for modern development. The catalog covers the full spectrum of today’s needs: ML and AI images like Kubeflow, languages and runtimes such as Python, databases like PostgreSQL, application frameworks like NGINX, and core infrastructure services including Kafka.It even includes FedRAMP-ready variants, engineered to align out of the box with U.S. federal security requirements.
What truly sets Docker Hardened Images apart is our hardening approach. Every image is built directly from source, patched continuously from upstream, and hardened by stripping away unnecessary components. This minimal approach not only reduces the attack surface but also delivers some of the smallest images available, up to 95% smaller than alternatives. Each image also includes VEX (Vulnerability Exploitability eXchange) support, helping teams cut through noise and focus only on vulnerabilities that truly matter.
Docker Hardened Images is compatible with widely adopted distros like Alpine and Debian. Developers already know and trust these, so the experience feels familiar and trusted from day one. Developers especially appreciate how flexible the solution is: migrating is as simple as changing a single line in a Dockerfile. And with customization, teams can extend hardened images even further, adding out-of-the-box system packages, certifications, scripts, and tools without losing the hardened baseline.
And this isn’t just our claim. The quality and rigor of Docker Hardened Images were independently validated by SRLabs, an independent cybersecurity consultancy, who confirmed that the images are signed, rootless by default, and ship with SBOM + VEX. Their assessment found no root escapes or high-severity breakouts, validated Docker’s 95% reduction in attack surface, and highlighted the 7-day patch SLA and build-to-sign pipeline as clear strengths over typical community images.
Making security universal
By making hardened, trusted images accessible to everyone, we ensure every developer’s journey begins secure by default, and every organization, from startups to enterprises, can pursue near-zero CVEs without compromise.
- Talk to us to learn more
- Explore how Docker Hardened Images is a good fit for every team
- Start a on-click free 30 day trial (requires Hub login) to see the difference for yourself