Docker containers often contain hundreds or thousands of utilities and libraries, which is great for quickly building and deploying server software, but can make security audits and vulnerability patches more difficult. Docker Hardened Images were created to help solve this problem, and now they are available to everyone for free.
Docker Hardened Images, or DHI for short, are more secure Docker images for running popular programming languages, frameworks, databases, and various utilities. They are built on Alpine Linux and Debian, with fast patching for known security vulnerabilities. The list of built-in packages is usually reduced from their non-DHI equivalents, resulting in a smaller attack surface and smaller image sizes.
You can check out the Docker Hardened Images gallery to see all the available software. Some of the available images include Python, Rust, MongoDB, various MCP servers, Dart, .NET, Node.js, Go, and many others. In most cases, you can just replace the mainstream image with its hardened equivalent (e.g. python:3.13 to dhi.io/python:3.13) in your Dockerfile or Docker Compose, then add any missing software back after the image is initialized.
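The swap described above can be scripted so that only safe `FROM` lines change. The following is an added example, not code from Docker or from this article: `harden_dockerfile` and the `HARDENED` allowlist are hypothetical names, and only the python:3.13 to dhi.io/python:3.13 mapping comes from the text. It leaves stage references, ARG-driven names, images from other registries and digest-pinned images untouched.

```python
import re

DHI_REGISTRY = "dhi.io"   # registry prefix from the article's python:3.13 example
HARDENED = {"python"}     # assumption: repos you have confirmed in the DHI gallery

# FROM [--flag=value ...] image [AS stage]
FROM_RE = re.compile(r"^(\s*FROM\s+)((?:--\S+\s+)*)(\S+)(.*)$", re.IGNORECASE)

def harden_dockerfile(text, hardened=HARDENED):
    """Return (new_text, changes); only bare Docker Hub names in `hardened` are swapped."""
    stages, out, changes = set(), [], []
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if not m:
            out.append(line)
            continue
        head, flags, image, tail = m.groups()
        repo = image.split(":", 1)[0]
        skip = (
            image in stages        # refers to an earlier build stage, not an image
            or "$" in image        # ARG-driven name: resolve by hand
            or "/" in image        # already names a registry or namespace
            or "@" in image        # digest pins the old image: re-pin by hand
            or repo not in hardened
        )
        alias = re.search(r"\sAS\s+(\S+)", tail, re.IGNORECASE)
        if alias:
            stages.add(alias.group(1))
        if skip:
            out.append(line)
            continue
        out.append(f"{head}{flags}{DHI_REGISTRY}/{image}{tail}")
        changes.append((image, f"{DHI_REGISTRY}/{image}"))
    return "\n".join(out) + "\n", changes

# Constructed sample Dockerfile (not from the article).
SAMPLE = """\
FROM --platform=linux/amd64 python:3.13 AS build
COPY app/ /app
FROM build AS test
FROM ghcr.io/example/base:1 AS other
FROM python:3.13
COPY --from=build /app /app
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    new_text, changes = harden_dockerfile(SAMPLE)
    print(new_text, end="")
    for old, new in changes:
        print(f"# {old} -> {new}")
```

Review the reported changes and rebuild before merging, since a hardened image may lack packages the original build relied on.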
Docker said in a blog post, “While some vendors suppress CVEs in their feed to maintain a green scanner, Docker is always transparent, even when we’re still working on patches, because we fundamentally believe you should always know what your security posture is. The result: dramatically reduced CVEs (guaranteed near zero in DHI Enterprise), images up to 95 percent smaller, and secure defaults without ever compromising transparency or trust.”
Docker Hardened Images were previously only available as a paid product, but now they are open-source (under the Apache 2.0 license) and free for anyone to use in projects. However, a paid enterprise version is still available for organizations that have strict security or regulatory demands, with optional extended lifecycle support (ELS) up to five years.
The company isn’t stopping at images, either. The blog post also mentioned, “In the coming months, we will extend this hardened foundation across the entire software stack with hardened libraries, hardened system packages, and other secure components everyone depends on. The goal is simple: be able to secure your application from main() down.”
You can check out Docker’s documentation for instructions on switching to hardened images. If you’re just installing images and containers that have already been built, there’s nothing for you to do; projects will switch to the hardened images if it’s worth the effort.
Source: Docker Blog


