Docker removes paywall for hardened images

Docker is making its Docker Hardened Images available free of charge and open source. In doing so, the company is changing the conditions under which pre-secured container images can be used, a segment that until now has been available largely on a commercial basis.

The images are based on Debian and Alpine and are released under the Apache 2.0 license. Docker Hardened Images are intended as a basis for building and running container applications. They are pre-customized by Docker to limit the number of known vulnerabilities and contain additional metadata about their origin and composition.

Until recently, these images were only available within paid subscriptions. With the release, that restriction disappears and they become accessible to individual developers, teams, and organizations without license fees.

The timing of the announcement coincides with a broader focus on software supply chain security. Container images are a commonly used building block in modern software development, but are often reused without in-depth checks on maintenance, origin, or known vulnerabilities. Incidents involving manipulated images and outdated dependencies have led to stricter requirements from security teams and regulators in recent years.

Docker positions the hardened images as a generic starting point that can be used in different environments. Because the images are built on common Linux distributions, they remain compatible with existing workflows and tooling. The open source license makes it possible to inspect, modify, and redistribute the images without additional contractual obligations.

Same approach for Model Context Protocol servers

In addition to traditional container images, Docker is extending the same approach to infrastructure used by AI assistants. This involves Model Context Protocol servers, which allow AI systems to communicate with external tools and data sources. In practice, these servers form a new layer in the infrastructure, with their own security risks. Docker has made hardened variants available for a number of commonly used MCP servers and wants to extend this to the entire catalog.

The free availability does not mean that Docker is withdrawing completely from this segment. For organizations with additional requirements, DHI Enterprise will continue to exist as a paid option. This variant focuses on faster processing of security updates, support for compliance requirements, and maintenance after upstream projects no longer provide updates. This means that a distinction remains between basic use and environments where contractual guarantees are required.

With this step, Docker is moving part of container security from an optional addition to a standard component of the base layer. Whether this will lead to broader adoption of hardened images depends on how developers and organizations weigh the additional security features against complexity and performance. At the same time, the release may put pressure on other providers who offer similar functionality exclusively on a commercial basis.