
Hardened, secure images

Docker Hardened Images (DHI) are engineered to provide a robust security foundation for containerized applications, addressing the evolving challenges of software supply chain security.

Near-zero vulnerabilities and non-root execution

Each DHI is meticulously built to eliminate known vulnerabilities, achieving near-zero Common Vulnerabilities and Exposures (CVEs) through continuous scanning and updates. By adhering to the principle of least privilege, DHI images run as non-root by default, reducing the risk of privilege escalation attacks in production environments.

Comprehensive supply chain security

DHI incorporates multiple layers of security metadata to ensure transparency and trust:

  • SLSA Level 3 compliance: Each image includes detailed build provenance, meeting the standards set by the Supply-chain Levels for Software Artifacts (SLSA) framework.

  • Software Bill of Materials (SBOMs): Comprehensive SBOMs are provided, detailing all components within the image to facilitate vulnerability management and compliance audits.

  • Vulnerability Exploitability eXchange (VEX) statements: VEX documents accompany each image, providing context about known vulnerabilities and their exploitability status.

  • Cryptographic signing and attestations: All images and associated metadata are cryptographically signed, ensuring integrity and authenticity.
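As an added illustration (not Docker's own code), the sketch below shows how a consumer might use a VEX document to triage scanner findings for one image. It assumes the VEX data is in OpenVEX JSON form, which this page does not specify, and that its signature was already verified. The product identifier, CVE ids and the `triage` helper are constructed placeholders.

```python
import json

# Constructed OpenVEX-style document: placeholder CVE ids and purls, not real data.
VEX_JSON = """
{"@context": "https://openvex.dev/ns/v0.2.0",
 "statements": [
  {"vulnerability": {"name": "CVE-0000-0001"},
   "products": [{"@id": "pkg:docker/example/app@1.0"}],
   "status": "not_affected",
   "justification": "vulnerable_code_not_present"},
  {"vulnerability": {"name": "CVE-0000-0002"},
   "products": [{"@id": "pkg:docker/example/app@1.0"}],
   "status": "under_investigation"},
  {"vulnerability": {"name": "CVE-0000-0003"},
   "products": [{"@id": "pkg:docker/example/other@2.0"}],
   "status": "not_affected",
   "justification": "component_not_present"}]}
"""

# Constructed scanner output for the image being triaged.
FINDINGS = ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003", "CVE-0000-0004"]

# Only these VEX statuses justify dropping a finding from the work queue.
SUPPRESS = {"not_affected", "fixed"}


def triage(vex_doc, product_id, findings):
    """Split findings into (actionable, suppressed) for one product.

    Fails closed: a finding stays actionable unless a statement for this
    exact product marks it not_affected or fixed.
    """
    status = {}
    for stmt in vex_doc.get("statements", []):
        products = {p.get("@id") for p in stmt.get("products", [])}
        if product_id not in products:
            continue  # statement is about a different image
        cve = stmt.get("vulnerability", {}).get("name")
        # Simplification: the last statement in the document wins.
        status[cve] = (stmt.get("status"), stmt.get("justification"))
    actionable, suppressed = [], {}
    for cve in findings:
        state, why = status.get(cve, (None, None))
        if state in SUPPRESS:
            suppressed[cve] = why or state  # keep the reason for audit
        else:
            actionable.append(cve)
    return actionable, suppressed


if __name__ == "__main__":
    print(triage(json.loads(VEX_JSON), "pkg:docker/example/app@1.0", FINDINGS))
```

Findings with no statement, a statement for another product, or an `under_investigation` status remain in the actionable list, so a missing or incomplete VEX document never hides a vulnerability.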

Minimal and developer-friendly options

DHI provides both minimal and development-friendly image variants:

  • Minimal images: Built using a distroless approach, these images remove unnecessary components, reducing the attack surface by up to 95% and improving startup times.

  • Development images: Equipped with essential development tools and libraries, these images facilitate secure application building and testing.