Core concepts

Review the full set of signed attestations included with each Docker Hardened Image, such as SBOMs, VEX, build provenance, and scan results.

Learn what SBOMs are, why they matter, and how Docker Hardened Images include signed SBOMs to support transparency and compliance.

Learn how Docker Hardened Images comply with SLSA Build Level 3 and how to verify provenance for secure, tamper-resistant builds.

Learn how build provenance metadata helps trace the origin of Docker Hardened Images and support compliance with SLSA.

Learn how Docker Hardened Images support FIPS 140 by using validated cryptographic modules and providing signed attestations for compliance audits.

Understand what CVEs are, how Docker Hardened Images reduce exposure, and how to scan images for vulnerabilities using popular tools.

Learn how VEX helps you prioritize real risks by identifying which vulnerabilities in Docker Hardened Images are actually exploitable.

Learn how Docker Hardened Images help secure every stage of your software supply chain with signed metadata, provenance, and minimal attack surface.

See how Docker Hardened Images support a secure SDLC by integrating with scanning, signing, and debugging tools.

Learn how Docker Hardened Images use distroless variants to minimize attack surface and remove unnecessary components.

Compare glibc and musl variants of DHIs to choose the right base image for your application’s compatibility, size, and performance needs.

Understand how image digests, read-only containers, and signed metadata ensure Docker Hardened Images are tamper-resistant and immutable.

Learn how Docker Hardened Images are designed for security, with minimal components, nonroot execution, and secure-by-default configurations.

Learn how to use immutable image digests to guarantee consistency and verify the exact Docker Hardened Image you're running.

Understand how Docker Hardened Images are cryptographically signed using Cosign to verify authenticity, integrity, and secure provenance.