A Safer Container Ecosystem with Docker: Free Docker Hardened Images
Key topics
Docker's launch of "Hardened Images" has sparked a heated debate about the true meaning of "hardened" in the container ecosystem. Some commenters, like benatkin, are skeptical, arguing that Docker's effort is merely a marketing play that contributes to CVE bloat, while others, like nathanchou, see an opportunity to offer their own hardening services for a fee. The discussion also touches on the competitive landscape, with jacques_chester suggesting that Docker's move is a response to Chainguard's rapid growth and VC funding. Amidst the skepticism, some users are already reporting issues with Docker's Hardened Images Catalog, highlighting the need for attention to detail in the hardening process.
Snapshot generated from the HN discussion
Discussion activity
Very active discussion. First comment: 30m after posting. Peak period: 60 comments in 0-12h. Average per period: 16. Based on 96 loaded comments.
Key moments
- Story posted: Dec 17, 2025 at 12:13 PM EST (16 days ago)
- First comment: Dec 17, 2025 at 12:43 PM EST (30m after posting)
- Peak activity: 60 comments in 0-12h (hottest window of the conversation)
- Latest activity: Dec 25, 2025 at 2:35 PM EST (8 days ago)
There's a "Make a request" button, but it links to this 404-ing GitHub URL: https://github.com/docker-hardened-images/discussion/issues
Oh well. Hope it's good stuff otherwise.
We can harden that image for you. $800/img/mth for standard setups. Feel free to reach out on our contact form and our automations will ping our phones, so you can expect a quick response (even on weekends).
Chainguard still has better CVE response time and can better guarantee you zero active exploits found by your prod scanners.
(No affiliation with either, but we use chainguard at work, and used to use bitnami too before I ripped it all out)
I work at Chainguard. We don't guarantee zero active exploits, but we do have a contractual SLA we offer around CVE scan results (those aren't quite the same thing unfortunately).
We do issue an advisory feed in a few versions that scanners integrate with. The traditional format we used (which is what most scanners supported at the time) didn't have a way to include pending information so we couldn't include it there.
The basic flow was: scanner finds CVE and alerts, we issue statement showing when and where we fixed it, the scanner understands that and doesn't show it in versions after that.
So there wasn't really a spot to put "this is present"; that was the scanner's job. Not all scanners work that way though, and some just rely on our feed and don't do their own homework, so it's hit or miss.
We do have another feed now that uses the newer OSV format, in that feed we have all the info around when we detect it, when we patch it, etc.
All this info is available publicly and shown in our console, many of them you can see here: https://github.com/wolfi-dev/advisories
You can take this example: https://github.com/wolfi-dev/advisories/blob/main/amass.advi... and see the timestamps for when we detected CVEs, in what version, and how long it took us to patch.
Do with that knowledge what you may.
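The advisory-feed flow described in the comment above (scanner flags a CVE, the feed states where it was fixed, the scanner suppresses it from that version on, and a newer OSV-style feed can also say "present, fix pending"), as an added Python example that is not Chainguard's, Wolfi's or Docker's code. The advisory entries, package names, versions and CVE ids are constructed placeholders, and version comparison is a simplified dotted-integer compare.

```python
# Added example: apply OSV-style advisory data to scanner findings. Advisories,
# findings and CVE ids below are constructed placeholders, not real Wolfi or
# Docker data; the version compare is simplified (assumes no suffixes).
def parse_version(v: str) -> tuple:
    """Dotted-integer version tuple, e.g. '1.4.2' -> (1, 4, 2)."""
    return tuple(int(p) for p in v.split("."))

# OSV-style entries: a 'fixed' event records the patched version; an entry
# with only 'introduced' means the package is affected and the fix is pending.
ADVISORIES = [
    {"id": "CVE-0000-0001", "affected": [{
        "package": {"ecosystem": "wolfi", "name": "libfoo"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}, {"fixed": "1.4.2"}]}]}]},
    {"id": "CVE-0000-0002", "affected": [{
        "package": {"ecosystem": "wolfi", "name": "libbar"},
        "ranges": [{"type": "ECOSYSTEM",
                    "events": [{"introduced": "0"}]}]}]},
]

def classify(package: str, version: str, cve: str, advisories=ADVISORIES) -> str:
    """Return 'fixed', 'affected', 'pending' or 'unknown' for one finding."""
    for adv in advisories:
        if adv["id"] != cve:
            continue
        for aff in adv["affected"]:
            if aff["package"]["name"] != package:
                continue
            fixed = [e["fixed"] for r in aff["ranges"]
                     for e in r["events"] if "fixed" in e]
            if fixed:
                if parse_version(version) >= parse_version(fixed[0]):
                    return "fixed"     # feed says this version carries the patch
                return "affected"      # a fix exists, but in a later version
            return "pending"           # introduced, no fix recorded yet
    return "unknown"                   # no statement in the feed; scanner decides

def triage(findings, advisories=ADVISORIES):
    """Drop findings the feed marks as fixed in the installed version."""
    kept = []
    for pkg, ver, cve in findings:
        status = classify(pkg, ver, cve, advisories)
        if status != "fixed":
            kept.append((pkg, ver, cve, status))
    return kept

# Constructed scanner output: (package, installed version, CVE id)
FINDINGS = [("libfoo", "1.4.1", "CVE-0000-0001"),
            ("libfoo", "1.4.2", "CVE-0000-0001"),
            ("libbar", "2.0.0", "CVE-0000-0002"),
            ("libbaz", "3.1.0", "CVE-0000-0003")]
```

A scanner that only consumes the feed without doing its own matching would report nothing for the "unknown" row; that is the "hit or miss" the comment refers to.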
Offering image hardening to custom images looks like a reasonable way for Docker to have a source of sustained income. Regulated industries like banks, insurers, or governmental agencies are likely interested.
Bait and switch once the adoption happens has become way too common in the industry.
> Is Docker sunsetting the Free Team plan?
> No. Docker communicated its intent to sunset the Docker Free Team plan on March 14, 2023, but this decision was reversed on March 24, 2023.
https://www.docker.com/community/open-source/application/
Not a problem for casual users but even a small team like mine, a dozen people with around a dozen public images, can hit the pull limit deploying a dozen landscapes a day. We just cache all the public images ourselves and avoid it.
https://www.docker.com/blog/revisiting-docker-hub-policies-p...
It's what the people who created OG Docker are building now.
There's an excellent reason: They're login gated, which is at best unnecessary friction. Took me straight from "oh, let me try it" to "nope, not gonna bother".
Docker is just grasping at straws. Chainguard is worth more than Docker. This is just a marketing plot (and it's clearly working given the number of devs messaging me).
With Bitnami discontinuing their offer, we recently switched to other providers. For some we are using a helm chart and this new offer provides some helm charts but for some software just the image. I would be interested to give this a try but e.g. the python image only has various '(dev)' images while the guide mentions the non-dev images. So this requires some planning.
The enterprise hardened images license seems to be a different offering for offline mirroring or more strict compliance…
But, we pay for support already.
Nice from docker!
The question I'd be interested in is, outside of markets where there's a lot of compliance requirements, how much demand is there for this as a paid service...
People like lower-CVE images, but are they willing to pay for them? I guess that's an advantage for Docker's offering. If it's free there is less friction to trying it out compared to a commercial offering.
That includes anyone who wants to sell to the US government (and probably other governments as well).
FedRAMP essentially[1] requires using "hardened" images.
[1]: It isn't strictly required, but without it things like passing security scans and FIPS compliance are more difficult.
Paying for something “secure” comes with the benefit of risk mitigation - we paid X to give us a secure version of Y, hence it's not our fault “bad thing” happened.
I recall being an infra lead at a Big Company that you've heard of and having to spend a month working with procurement to get like 6 Mirantis / Docker licenses to do a CCPA compliance project.
https://docs.docker.com/dhi/features/#dhi-enterprise-subscri...
Note that you don't have to be DoD to use Iron Bank images. They are available to other organizations too, though you do have to sign up for an account.
Some images like Vault are pretty bare (eg no shell).
My company makes its own competing product that is basically the same thing, and we (and I specifically) were pretty heavily involved in early Platform One. We sell it, but it's basically just a free add-on to existing software subscriptions, an additional inducement to make a purchase, but it costs nothing extra on its own.
In any case, I applaud Docker. This can be a surprisingly frustrating thing to do, because you can't always just rebase onto your pre-hardened base image and still have everything work, without taking some care to understand the application you're delivering, which is not your application. It was always my biggest complaint with Ironbank and why I would not recommend anyone actually use it. They break containers constantly because hardening to them just means copying binaries out of the upstream image into a UBI container they patch daily to ensure it never has any CVEs. Sometimes this works, but sometimes it doesn't, and it's fairly predictable, like every time Fedora takes a new glibc version that RHEL doesn't have yet, everything that links against it starts segfaulting when you try to copy from one to the other. I've told them this many times, but they still don't seem to get it and keep doing it. Plus, they break tags with the daily patching of the same application version, and you can't pin to a sha because Harbor only holds onto three orphaned shas that are no longer associated with a tag.
So short and long of it, I don't know about meat on the bone, but there is real demand and it's getting greater, at least in any kind of government or otherwise regulated business because the government itself is mandating better supply chain provenance. I don't think it entirely makes sense, frankly. The end customers don't seem to understand that, sure, we're signing the container image because we "built" it in the sense that we put together the series of tarballs described by a json file, but we're also delivering an application we didn't develop, on a base image full of upstream GNU/Linux packages we also didn't develop, and though we can assure you all of our employees are US citizens living in CONUS, we're delivering open source software. It's been contributed to by thousands of people from every continent on the planet stretching decades into the past.
Unfortunately, a lot of customers and sales people alike don't really understand how the open source ecosystem works and expect and promise things that are fundamentally impossible. Nonetheless, we can at least deliver the value inherent in patching the non-application components of an image more frequently than whoever creates the application and puts the original image into a public repo. I don't think that's a ton of value, personally, but it's value, and I've seen it done very wrong with Ironbank, so there's value in doing it right.
I suspect it probably has to be a free add-on to some other kind of subscription in most cases, though. It's hard for me to believe it can really be a viable business on its own. I guess Chainguard is getting by somehow, but it also kind of feels like they're an investor darling getting by on the reputations of its founders based on their past work more than the current product. It's the container ecosystem equivalent of selling an enterprise Linux distro, and I guess at least Redhat, SUSE, and Canonical have all managed to do that, but not by just selling the Linux distro. They need other products plus support and professional services.
I think it's a no-brainer for anyone already selling a Linux distro to do this on top of it, though. You've already got the build infrastructure and organizational processes and systems in place.
I've been in contact with some of the security folks at Iron Bank. The last time we dug into Iron Bank images, they were simply worse than what most vendors offered. They just check the STIG box.
I'm not sure if Chainguard was first, but they did come early. The original pain point we looked into when building our company was pricing, but we've since pivoted since there are significant gaps in the market that remain unaddressed.
https://www.docker.com/blog/security-that-moves-fast-dockers...
Note: I work at Docker
This would be like expecting AWS to protect your EC2 instance from a postinstall script.
Update the analogy to “like EC2 but we handle the base OS patching and container runtime” and you have Fargate.
To the point that redhat created podman that can do what you want.
A big part of this for us is transparency. That’s why every image ships with VEX statements, extensive attestations, and all the metadata you need to actually understand what you’re running. We want this to be a trustworthy foundation, not just a thinner base image.
We’re also extending this philosophy beyond base images into other content like MCP servers and related components, because the more of the stack that is verifiable and hardened by default, the better it is for the ecosystem.
A few people in the thread asked how this is sustainable. The short answer is that we do offer an enterprise tier for companies that need things like contractual continuous patching SLAs, regulated-industry variants (FIPS, etc.), and secure customizations with full provenance and attestations. Those things carry very real ongoing costs, so keeping them in Enterprise allows us to make the entire hardened catalog free for the community.
Glad to see the conversation happening here. We hope this helps teams ship software with a stronger security posture and a bit more confidence.
For instance, the "dhi/grafana" image seems to contain code from the most recent version of Grafana which is licensed under AGPLv3, but there's no obvious link to the corresponding source code as required by the license.
The "specifications" tab just contains links to https://github.com/docker-hardened-images/definitions/, but those links are 404s so presumably the repo is private.
Don't you personally feel disgust mentioning AI stuff?
Yeah, I realize it is mandatory to mention AI today in every piece of communication of any company; but on a personal level, isn't that something that requires a bit of dying every time?
1. 'generous' initial offering to establish a userbase/ecosystem/network-effect
2. "oh teehee we're actually gonna have to start charging for that sorry we know that you've potentially built a lot of your infrastructure around this thing"
3. $$$
None of the alternatives come anywhere close to what we needed to satisfy a threat model that trusts no single maintainer or computer, so we started over from actually zero.
https://stagex.tools
For shorter term we are starting to archive at archive.org and CERN and hope to have the fetch script be able to fail over to those soon.
The GNU servers are the worst, and unreliable for hours at a time, and have lots of rate limiting.
At the moment collecting all the sources directly from upstreams, while great for trust building, is the biggest pain point. Sorry about that!
For the super short term join #stagex:matrix.org and anyone would be happy to wormhole you their "fetch" directory.
Where? Let's take a random example: https://hub.docker.com/hardened-images/catalog/dhi/traefik
Ok, where is the source? Open source means I can build it myself, maybe because I'm working in an offline/airgapped/high compliance environment.
I found a "catalogue" https://github.com/docker-hardened-images/catalog/blob/main/... but this isn't a build file, it's some... specialized DHI tool to build? Nothing https://github.com/docker-hardened-images shows me docs where I can build it myself or any sort of "dhi" tool.
Additionally our images are actually container native meaning they are "from scratch" all the way down avoiding any trust in upstream build systems like Debian or any of their non deterministic package management schemes.
https://stagex.tools
Meanwhile, nix already has packaged more software than any other distro, and the vast majority of its software can be put into a container image with no additional dependencies (i.e. "hardened" in the same way as these are) with exactly zero extra work specific to each package.
The nixpkgs repository already contains the instructions to build and isolate outputs, there's already a massive cache infrastructure setup, builds are largely reproducible, and docker will have to make all of that for their own tool to reach parity... and without a community behind it like nix has.
Our view is that this was largely a marketing maneuver by Docker aimed at disrupting Chainguard’s momentum.
The deeper issue in the container security space is a lack of genuine innovation. Most offerings are incremental (and inferior) variations on what Chainguard has already proven.
When Chainguard’s funding round last February drew significant industry attention, it triggered a rush into “secure images” as a category. We know because VCs have been reaching out to us incessantly. That, in turn, pushed Bitnami to attempt monetization of what had historically been free images, and Docker to offer free images to fill the vacuum Bitnami left following their attempt to monetize.
We were monitoring Docker closely and suspect that following their "Docker Hardened Images" splash they realized it was a lot harder to sell into the industry than they initially realized.
The reason source code is rarely shared in this space is straightforward: once it's open-sourced, a meaningful barrier to entry to the hardened image industry largely disappears.
Truthfully, at current prices you're 100% paying for quality of life. From all public pricing figures I've seen, it's cheaper to build hardened images in-house than to buy from a vendor.
Our offering at VulnFree is technically priced below the cost to build in-house, but our real value add is meeting dev teams where they are per our custom hardened images.
https://github.com/docker-hardened-images/catalog?tab=readme...
From scratch is ideal, distroless is great too
Then use firewalls around your containers as needed