Post by Docker, Inc


What actually makes a container image "hardened"? As supply chain security gets more attention, "hardened" content comes up a lot; in this guide we get into what hardened images are and why they matter. A genuinely hardened image does three things, not one: it strips out the packages an application never uses (most container CVEs live in that inherited baggage), it is continuously rebuilt to stay patched, and it ships with verifiable metadata (such as SBOMs, SLSA provenance, VEX, and signatures) so you can always prove what's inside and how it was built. This guide breaks down why minimization alone isn't enough, and how hardened images differ from slim variants, distroless builds, and basic image scanning. Read →
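As an added example, not code from the Docker post or from Docker's own tooling, the following Python shows how two of the artifacts the post names, an SBOM and a VEX document, let you triage scanner findings: findings on components absent from a minimized image's SBOM drop out, and VEX statements clear findings the image producer has assessed as not affected. The component lists, vulnerability ids and VEX statements are constructed sample data.

```python
"""Added example (not from the Docker post): triage scanner findings against an
image's SBOM and a VEX document. All data below is constructed for illustration."""

# Constructed SBOM-style component lists (package URLs), one per image variant.
FULL_IMAGE_SBOM = {
    "pkg:deb/debian/openssl@3.0.11",
    "pkg:deb/debian/curl@8.4.0",
    "pkg:deb/debian/perl@5.36.0",   # inherited from the base image, never used
}
HARDENED_IMAGE_SBOM = {
    "pkg:deb/debian/openssl@3.0.11",
    "pkg:deb/debian/curl@8.4.0",
}

# Constructed scanner output: (vulnerability id, affected component purl).
# The ids are placeholders, not real CVE numbers.
SCAN_FINDINGS = [
    ("CVE-EXAMPLE-0001", "pkg:deb/debian/perl@5.36.0"),
    ("CVE-EXAMPLE-0002", "pkg:deb/debian/openssl@3.0.11"),
    ("CVE-EXAMPLE-0003", "pkg:deb/debian/curl@8.4.0"),
]

# Constructed VEX statements in the spirit of OpenVEX: a status per
# (vulnerability, product) pair, with a justification for not_affected.
VEX_STATEMENTS = [
    {"vulnerability": "CVE-EXAMPLE-0002",
     "products": ["pkg:deb/debian/openssl@3.0.11"],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
]


def actionable_findings(sbom, findings, vex):
    """Return the findings that still need action for an image.

    A finding is dropped when its component is not in the image's SBOM
    (minimization removed it), or when a VEX statement marks that
    (vulnerability, product) pair not_affected or fixed. Findings that are
    affected, under_investigation, or have no statement at all are kept.
    """
    resolved = {(s["vulnerability"], p): s["status"]
                for s in vex for p in s["products"]}
    return [(vuln, purl) for vuln, purl in findings
            if purl in sbom
            and resolved.get((vuln, purl)) not in ("not_affected", "fixed")]


if __name__ == "__main__":
    print("full image:    ", actionable_findings(FULL_IMAGE_SBOM, SCAN_FINDINGS, VEX_STATEMENTS))
    print("hardened image:", actionable_findings(HARDENED_IMAGE_SBOM, SCAN_FINDINGS, VEX_STATEMENTS))
```

Run stand-alone, the full image still carries two actionable findings while the hardened image carries one: minimization removes the unused package's finding, and the VEX statement clears the OpenSSL finding with a recorded justification rather than silently suppressing it.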
