Now free for all developers. Docker's approach to supply chain security rests on five pillars: minimal images, signed provenance, complete SBOMs, VEX insights, and transparent verification.

Five pillars of supply chain security

  1. Minimal images – Distroless and Alpine bases shrink the attack surface by up to 97%
  2. Signed provenance – Every build is signed and verifiable (SLSA Level 3)
  3. Complete SBOMs – Full software bill of materials for every image
  4. VEX insights – Vulnerability Exploitability eXchange for smarter remediation
  5. Transparent verification – No hidden CVEs; full visibility and control

Run Helm charts, hardened by Docker

Use Helm charts powered by Docker Hardened Images (DHI) to deploy secure, compliant Kubernetes apps with confidence. Join the move to a safer container ecosystem – DHI is now free for everyone.

Learn core concepts of Docker security