Docker has announced that Docker Hardened Images are now free and open source, a move that sets a new security baseline for the container ecosystem. For teams building and running containers, this significantly lowers the barrier to starting with a secure foundation by default.
Containers are the primary path to production for most developers, with Docker Hub serving more than 20 billion image pulls every month. As supply chain attacks continue to rise across every language and platform, Docker is positioning hardened base images as a shared responsibility across the industry, not a premium feature reserved for large enterprises.
Docker Hardened Images were introduced in May 2025 as minimal, production-ready images designed to reduce risk at the very first layer of an application. Since then, Docker has hardened over one thousand images and Helm charts. With this announcement, those images are now available to everyone under an Apache 2.0 license, free to use, modify, and redistribute with no licensing surprises.
A key focus of DHI is transparency. Each image includes a complete SBOM, SLSA Level 3 build provenance, signed artifacts, and public CVE reporting. Vulnerabilities are not hidden or downgraded, even when fixes are still in progress. This gives teams a clear and honest view of their security posture instead of relying on opaque scanner results.
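Because each image ships with a complete SBOM and CVEs are reported publicly rather than hidden, a team can run its own check of which listed components fall below a fixed version. The script below is an added example, not Docker's code or the DHI tooling: it parses a constructed CycloneDX-style SBOM and matches it against a constructed advisory list with placeholder IDs (no real CVE numbers), reporting the components that are affected.

```python
"""Match a CycloneDX-style SBOM against an advisory list.

Added example, not Docker's code. The SBOM and the advisories below are
constructed inline so this runs offline; the advisory IDs are placeholders.
"""
import json

# Constructed sample: a minimal CycloneDX JSON document with four components.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.1.4",
         "purl": "pkg:apk/alpine/openssl@3.1.4"},
        {"type": "library", "name": "zlib", "version": "1.2.13",
         "purl": "pkg:apk/alpine/zlib@1.2.13"},
        {"type": "library", "name": "busybox", "version": "1.36.1",
         "purl": "pkg:apk/alpine/busybox@1.36.1"},
        {"type": "library", "name": "curl", "version": "8.5.0",
         "purl": "pkg:apk/alpine/curl@8.5.0"},
    ],
})

# Constructed advisories (placeholder IDs, not real CVEs): each names a
# package and the first version that carries the fix.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "package": "openssl", "fixed_in": "3.1.5", "severity": "high"},
    {"id": "ADV-EXAMPLE-0002", "package": "zlib", "fixed_in": "1.2.12", "severity": "critical"},
    {"id": "ADV-EXAMPLE-0003", "package": "curl", "fixed_in": "8.6.0", "severity": "medium"},
]


def parse_version(v):
    """Turn '3.1.4' into (3, 1, 4); a non-numeric suffix in a part is ignored."""
    parts = []
    for p in v.split("."):
        digits = ""
        for ch in p:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_less_than(a, b):
    """Compare dotted versions, padding the shorter one with zeros so '1.2' == '1.2.0'."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return ta < tb


def load_components(sbom_json):
    """Return {name: version} for every component in a CycloneDX JSON SBOM."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {c["name"]: c["version"] for c in doc.get("components", [])}


def find_affected(components, advisories):
    """Return advisories whose package is installed at a version below fixed_in."""
    hits = []
    for adv in advisories:
        installed = components.get(adv["package"])
        if installed is None:
            continue  # package not in this image, so the advisory does not apply
        if version_less_than(installed, adv["fixed_in"]):
            hits.append({"id": adv["id"], "package": adv["package"],
                         "installed": installed, "fixed_in": adv["fixed_in"],
                         "severity": adv["severity"]})
    return hits


def summarize(sbom_json, advisories):
    """Count affected components per severity, the kind of figure a CI gate would check."""
    counts = {}
    for h in find_affected(load_components(sbom_json), advisories):
        counts[h["severity"]] = counts.get(h["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in find_affected(load_components(SAMPLE_SBOM), SAMPLE_ADVISORIES):
        print(f'{h["id"]}: {h["package"]} {h["installed"]} < {h["fixed_in"]} ({h["severity"]})')
    print(summarize(SAMPLE_SBOM, SAMPLE_ADVISORIES))
```

With the constructed data, openssl and curl are reported and zlib is not, since its installed version is already above the fixed version. Real SBOMs use package URLs and ecosystem-specific version schemes, so a production check should compare versions with the rules of the package ecosystem rather than the simple dotted-number comparison used here.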
DHI images are built on Alpine and Debian, making them familiar and easy to adopt without major workflow changes. The images are intentionally minimal, which reduces attack surface and results in dramatically fewer CVEs and significantly smaller image sizes. This approach has already been adopted by large enterprises and fast-growing startups alike to meet compliance requirements and reduce ongoing security maintenance.
Docker is also expanding the hardened approach beyond base images. Hardened Helm Charts are available for Kubernetes environments, and Docker has introduced Hardened MCP Servers for commonly used services such as MongoDB, Grafana, and GitHub. Over time, Docker plans to extend this model across the full software stack, including libraries and system packages, with the goal of securing applications from main down.
While Docker Hardened Images are now free for everyone, Docker continues to offer enterprise options for organizations with stricter needs. These include SLA-backed CVE remediation, support for regulated environments like FIPS and STIG, image customization through Docker's secure build infrastructure, and extended lifecycle security patching after upstream support ends.
This move echoes the impact Docker Official Images had years ago by providing trusted building blocks for the ecosystem. By making hardened images freely available, Docker is aiming to make secure-by-default the easiest choice for every developer, every team, and every project.