Docker Hardened Images (DHI) give every developer a trusted starting point. Free hardened images with enterprise options for SLAs, compliance, and extended lifecycle security.
Why hardened images matter
Supply chain security starts with your base images. Docker Hardened Images are built for trust: minimal and distroless Debian and Alpine images that remove everything you don't need, shrinking footprint and attack surface by up to 97%. Every image comes with verifiable SBOMs, SLSA Level 3 provenance, and full CVE visibility.
What's included
- Apache 2.0 freedom – Fully open source, free to use, share, and build on
- Up to 95% CVE reduction – Continuously rebuilt images from Docker's hardened pipeline
- 1000+ images and applications – Languages, frameworks, databases, and Helm charts, all signed and verified
- DHI Enterprise – Add SLAs, FIPS/STIG variants, customization, and extended lifecycle support for EOL images