A Safer Container Ecosystem with Docker: Free Docker Hardened Images

https://www.docker.com/blog/docker-hardened-images-for-every-developer/

113•anttiharju•1h ago

Comments

jitl•1h ago

I went to "Hardened Images Catalog" and searched for pgbouncer, not found (https://hub.docker.com/hardened-images/catalog?search=pgboun...)

There's a "Make a request" button, but it links to this 404-ing GitHub URL: https://github.com/docker-hardened-images/discussion/issues

oh well. hope its good stuff otherwise.

pploug•52m ago

Thanks for reporting, team is fixing it, the right url is: https://github.com/docker-hardened-images/catalog/issues/

tecleandor•1h ago

Is this the response to the Bitnami/VMWare/Broadcom Helm charts thing?

kamrannetic•1h ago

no need for chainguard/bitnami anymore?

progbits•34m ago

Bitnami is in broadcom hell, nobody should use that.

Chainguard still has better CVE response time and can better guarantee you zero active exploits found by your prod scanners.

(No affiliation with either, but we use chainguard at work, and used to use bitnami too before I ripped it all out)

mmbleh•29m ago

CVE response time is a toss up, they all patch fast. Chainguard can only guarantee zero active exploits because they control their own exploit feed, and don't publish anything on it until they've patched. So while this makes it look better, it may not actually be better

digi59404•26m ago

FWIW - A whole host of the pre-IPO GitLab folks went to Chainguard. A lot of them, many in leadership roles. Most importantly, In Sales Leadership. These are people whom don’t really believe in high-pressure sales. Rather they aim to show the value and not squeeze customers for profit or making a number on a chart go up.

Do with that knowledge what you may.

nine_k•57m ago

The news: Docker Hardened Images (DHI) are now free to use for everyone. No reason not to use them.

Offering image hardening to custom images looks like a reasonable way for Docker to have a source of sustained income. Regulated industries like banks, insurers, or governmental agencies are likely interested.

scottydelta•42m ago

After their last rug pull when they started charging projects for registry after parading it as a fully free service for almost a decade, it has become hard to trust anything free.

Bait and switch once the adoption happens has become way too common in the industry.

skyline879•34m ago

When was this?

simlevesque•11m ago

https://www.docker.com/developers/free-team-faq/

> Is Docker sunsetting the Free Team plan?

> No. Docker communicated its intent to sunset the Docker Free Team plan on March 14, 2023, but this decision was reversed on March 24, 2023.

imglorp•5m ago

> 100 pulls per 6 hours for unauthenticated users and 200 pulls per 6 hours for Docker Personal users

Not a problem for casual users but even a small team like mine, a dozen people with around a dozen public images, can hit the pull limit deploying a dozen landscapes a day. We just cache all the public images ourselves and avoid it.

https://www.docker.com/blog/revisiting-docker-hub-policies-p...

pploug•19m ago

Projects are not charged for hub usage

cedws•9m ago

Docker is a company I just can’t hate on. They’ve completely transformed how software is deployed. Containers gained so much momentum it kind of outgrew them and they lost a lot of potential business. I would hardly call beginning to charge after a decade of free service a rug pull, especially now that dependence on Docker’s registry is shrinking all the time.

simlevesque•8m ago

I don't hate them. But I don't want to depend on them for any product I manage.

politelemon•5m ago

Given the wealth and productivity creation that they're responsible for enabling across the industry, they deserve to be paid for it. There is no way for them to have achieved this with zero friction.

BSVogler•10m ago

First look shows me that this is not an easy drop in replacement. First thing is this requires a log-in and makes me wonder why this is required. Perhaps some upselling coming.

With Bitnami discontinuing their offer, we recently switched to other providers. For some we are using a helm chart and this new offer provides some helm charts but for some software just the image. I would be interested to give this a try but e.g. the python image only various '(dev)' images while the guide mentions the non-dev images. So this requires some planning.

politelemon•7m ago

I appreciate what they're doing here, which is something I haven't seen other vendors doing.

Show HN: Voice-to-text for macOS using Groq's free Whisper API

AI, AI Oh

Finland is in midst of racist firestorm

Temporal: Getting started with JavaScript's new date time API

Show HN: Tonbo – an embedded database for serverless and edge runtimes

Show HN: Arete – Plaid for AI identity (your context follows you across tools)

Gil Gerard, Star of 'Buck Rogers,' Dies at 82

Look around: Bubbles are everywhere

Show HN: AI agent that investigates CloudWatch alarms – 5-min Terraform deploy

What could’ve been Google’s worst year turned into one of its best

Show HN: Why I'm building a graphical, simple Proof Assistant for kids

Jimmy Wales trusts the process

Putin Signs Law Confiscating 'Ownerless' Homes in Occupied Ukraine

LingoScreen – Localize product images and screenshots in seconds, not days

How did IRC ping timeouts end up in a lawsuit?

Tool search is dead, long live skills

GitHub is going to start charging you for using your own hardware

Top Open Source licenses in 2025

Looking for a Remote Job in Python/Django/Flask

Tool search should not be search but discovery

Show HN: Get an Amazon Giftcard to Test Premium Features on Remotelygood.us

Show HN: A Full-Control Cloud That Puts You in Charge of Your Deployments

Mass hacking of IP cameras leave Koreans feeling vulnerable in homes, businesses

Show HN: Hopeless – Removing API Bloat Before It Reaches Your LLM on Legacy API

Show HN: MCPShark Viewer (VS Code/Cursor extension)- view MCP traffic in-editor

Unemboldening

Hack Reveals the A16Z-Backed Phone Farm Flooding TikTok with AI Influencers

Please, Stop Talking About "Tradeoffs"

Cheese Mites and Sludge Worms: The Origins of Grossout Cinema

How SQLite Is Tested