Docker has announced they are releasing Docker Hardened Images for free for everyone! Pretty cool development. It is worth a look even if you are not running enterprise workloads.
Short version is this: Docker is offering official container images that are more locked down by default. Fewer packages, fewer attack surfaces, more secure defaults, and more focus on security overall out of the box.
These are not custom third-party images. They are maintained by Docker and meant to be drop-in replacements for the images many of us are already using. Things like base OS images and popular runtimes.
A few things that stood out to me:
- Images are intentionally minimal. Less stuff is installed, which means fewer vulnerabilities to worry about.
- It also focuses on supply chain security, which is a big deal. Docker is clearly trying to make it easier to trust what you are pulling.
- It is built for developers, not just security teams. You still get something usable without having to harden everything yourself.
- It is designed to work with Docker Scout and vulnerability scanning workflows.
From a home lab perspective this is great. A lot of us run containers exposed internally or even externally (hopefully not but sometimes it is needed), and we usually just grab the latest and move on. But having more secure base images by default helps to reduce the risk.
I also see this being useful for anyone publishing Compose stacks or example configs. If hardened images become common, it raises the baseline security level for everyone copying those examples.
This does not magically make containers secure in every way, but it does remove a bunch of low-hanging fruit that normally gets ignored in terms of security.
Curious what others think. Would you switch your existing containers to hardened images? Do you care about this in a home lab, or only for production? Is this something Docker should have done a long time ago?
Here is a link to the official post from Docker: https://www.docker.com/blog/docker-hardened-images-for-every-developer/

