Strategies to cut CVEs and ship secure containers faster
Join Docker for a 7-part webinar series: Securing the modern software supply chain.
Learn how to deliver secure, minimal, production-ready images with near-zero CVEs and up to 95% less attack surface.
In each session you will implement practical steps such as swapping your base and application images with a one-line Dockerfile change, enforcing Cosign signatures and SLSA Build Level 3 provenance checks in CI/CD, consuming complete SBOMs and OpenVEX to cut alert noise, and using purpose-built debug images that keep production minimal.
We anchor every topic to the gold standards of the modern software supply chain: minimal attack surface, complete and verifiable SBOMs, verifiable build provenance, standardized exploitability assessment, and cryptographic verification. Maintained by Docker and backed by an enterprise SLA, Docker Hardened Images are secure, compatible with your preferred Linux environments, and customizable to your DevSecOps stack, including FedRAMP-aligned options and Kubernetes-ready workflows.
What’s coming next
Episode 3: Containers are the new Supply Chain Attack Vector
Martin Perez, Principal Engineer and Nate Bittinger, VP Engineering
In this session, we will take a look at Docker’s five pillars for supply chain security. We look at how these pillars provide a common language for platform, security, and app teams. We will outline why minimal, non-root defaults cut exposure, why complete SBOMs and SLSA Level 3 provenance form a shared source of truth, and how signatures make policy enforceable across registries.
Episode 4: Getting Developers to actually use Secure Containers
Cody Green, Sr. Director, Solutions Engineering, Brian Pratt, Sr. Principal Product Manager and Britney Blodget, Sr. Product Manager
Developers often bypass security when controls add friction, alerts are noisy, or enforcement is inconsistent. This session shows how Docker Hardened Images create a secure-by-default developer experience that cuts noise with complete SBOMs and OpenVEX, reduces drift with ultra-minimal images, and standardizes controls with a secure policy in CI and CD that enforces Cosign signatures and SLSA Build Level 3 provenance.
Real Talk: CISOs and Developers on Supply Chain Risk
Mike Donovan, VP Product
Supply chain risk is real, yet adoption and measurable outcomes are hard without alignment. In this panel you will learn how peers won developer buy-in without slowing delivery, aligned CISOs, developers, and researchers on shared goals, and instrumented KPIs that prove risk reduction and velocity gains. You will implement a practical adoption playbook that includes policy as code for consistent enforcement, an exception and waiver process, rollout patterns that scale across teams, and dashboards that show ROI. Expect peer proof points, real-world lessons, and credibility you can use with decision makers.
Sneak Peek: Docker at AWS re:Invent
A preview of what Docker is bringing to re:Invent 2025, including new DHI capabilities, Secure Build enhancements, and AI workflow integrations. This session also offered early access to upcoming partner and ecosystem announcements.
Watch past episodes on demand
Trust and Stability in the Software Supply Chain: Navigating Change with Confidence
Open source is powerful—but not all OSS solutions are built for long-term stability, support, or enterprise resilience. This session explores what to consider when relying on community-maintained components, how vendor shifts can impact your security and compliance posture, and what to look for in partners that can deliver both flexibility and trust at scale.
Why Agentic AI at scale makes Supply Chain Security critical
As agentic AI systems dynamically pull dependencies, unsecured runtimes and unverified packages create serious attack surface expansion. Docker Hardened Images provide minimal, patched AI runtimes to reduce CVEs and enforce trust without slowing innovation.