TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
3 Factors Many Platform Engineers Still Get Wrong
May 27th 2025 8:00am, by Doug Sillars
Cloud Realities Are Slowing AI Ambitions
May 23rd 2025 4:18pm, by Mike Hicks
Red Hat's AI Platform Now Has an AI Inference Server
May 21st 2025 12:00pm, by Steven J. Vaughan-Nichols
6 IaC Tips for Cloud Practitioners
May 21st 2025 9:00am, by Ido Neeman
How To Accelerate Edge Application Deployment at Scale
May 20th 2025 1:30pm, by Alexsander Petrenko
How To Fill the Open Source Cracks in Your Container Foundation
Jun 2nd 2025 9:00am, by Vicki Walker
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by Steven J. Vaughan-Nichols
Docker’s Best-Kept Secret: How Observability Saves Developers’ Sanity
May 31st 2025 10:00am, by Aditya Gupta
Build GenAI Applications Locally With Docker Model Runner
May 23rd 2025 6:00am, by Janakiram MSV
Docker Launches Hardened Images, Intensifying Secure Container Market
May 19th 2025 2:00pm, by Steven J. Vaughan-Nichols
Enterprise AI Success Demands Real-Time Data Platforms
Jun 2nd 2025 7:00am, by Tim Rottach
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by Loraine Lawson
Top 4 Observability Risks
May 30th 2025 9:10am, by Abby Ross
PostgreSQL 18 Delivers Significant Performance Gains for OLTP and Analytics
May 28th 2025 6:00am, by Jelani Harper
Time Series Forecasting: An Open Source, No-Code Solution
May 27th 2025 8:00am, by Anais Dotis Georgiou
How To Accelerate Edge Application Deployment at Scale
May 20th 2025 1:30pm, by Alexsander Petrenko
How to Use AI to Detect PPE Compliance in Edge Environments
May 13th 2025 7:00am, by Sathiyadev Thangaswamy
Remote MCP Servers: Inevitable, Not Easy
May 12th 2025 12:00pm, by Michael Field
Q&A: Nutanix CEO Rajiv Ramaswami on the Cloud Native Enterprise
May 12th 2025 7:00am, by Joab Jackson
Build Edge Native Apps With WebAssembly
May 7th 2025 8:00am, by Matt Butcher
Why CI/CD Alone Won’t Cut It for Infrastructure as Code
May 29th 2025 10:00am, by Marcin Wyszynski
The AI Code Generation Problem Nobody's Talking About
May 29th 2025 8:00am, by Michelle Gienow
Red Hat Ansible and HashiCorp Terraform Will Be Coming Together
May 28th 2025 7:00am, by Steven J. Vaughan-Nichols
6 IaC Tips for Cloud Practitioners
May 21st 2025 9:00am, by Ido Neeman
IaC Is Too Complicated. Where’s That ‘Easy Button’?
May 19th 2025 6:06am, by Vicki Walker
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by Steven J. Vaughan-Nichols
OpenSUSE Tumbleweed: A Powerhouse, Rock-Solid Linux Desktop Distro
May 31st 2025 6:00am, by Jack Wallen
Red Hat Goes All in on AI-Powered Lightspeed System Admin Tools 
May 30th 2025 6:00am, by Steven J. Vaughan-Nichols
Linux Kernel 6.15 Boosts Virtualization, GPU, and CPU Performance
May 29th 2025 5:00am, by Damon M. Garn
Ubuntu Budgie 25.04: One of the Best Desktops on the Market
May 24th 2025 8:00am, by Jack Wallen
Reimagining Environments for Cloud Native Architectures
May 19th 2025 11:00am, by Arjun Iyer
Why Microservice Environments Break: Lack of Unification
May 12th 2025 6:07am, by Anirudh Ramanathan
Why Coordinating Microservice Changes Is Still a Mess
Apr 24th 2025 10:00am, by Anirudh Ramanathan
How to Implement the Saga Architectural Pattern in Microservices
Apr 21st 2025 6:28am, by Zziwa Raymond Ian
Scale Microservices Testing Without Duplicating Environments
Apr 15th 2025 9:00am, by Arjun Iyer
AI Agents Let Developers Kiss These 4 Chores Goodbye
May 30th 2025 7:40am, by Loraine Lawson
PostgreSQL 18 Delivers Significant Performance Gains for OLTP and Analytics
May 28th 2025 6:00am, by Jelani Harper
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Open Source KubeVirt: VM Management With Kubernetes Is a Work in Progress
May 27th 2025 12:16pm, by B. Cameron Gain
Traceloop Launches an Observability Platform for LLM-Based Apps
May 27th 2025 8:30am, by Frederic Lardinois
Companies Must Embrace Bespoke AI Designed for IT Workflows
May 23rd 2025 10:00am, by Ramprakash Ramamoorthy
CNCF and Synadia Reach an Agreement on NATS
May 5th 2025 7:33am, by Steven J. Vaughan-Nichols
Gateway API or Ingress: A Developer’s Guide to Kubernetes Routing
May 2nd 2025 6:00am, by Janakiram MSV
Synadia Attempts To Reclaim NATS Trademark Back From CNCF
Apr 29th 2025 8:00am, by Steven J. Vaughan-Nichols
NVIDIA GTC 2025 Wrap-Up: 18 New Products to Watch
Apr 18th 2025 11:00am, by Keith Pijanowski
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by Tyler Rockwood
Modernization: Storage Strategies for the Cloud Era
May 28th 2025 1:00pm, by Carol Platz
Nutanix Unveils Major Platform Expansions at .NEXT 2025
May 8th 2025 12:00pm, by Chris J. Preimesberger
Eliminate Application Timeouts With Software-Defined Storage
May 8th 2025 9:00am, by Carol Platz
Kafka Tiered Storage: Store More, But Pay Less
May 7th 2025 2:00pm, by Anil Inamdar
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by
Optimizing AI Infrastructure: 5 Takeaways from Jensen Huang's GTC 2025 Keynote
Jun 2nd 2025 10:00am, by
Enterprise AI Success Demands Real-Time Data Platforms
Jun 2nd 2025 7:00am, by
Duolingo Grapples With Its 'AI-First' Promise Before Angry Social Mob
Jun 1st 2025 7:00am, by
Microsoft Targets AI 'Holy Grail' With Windows ML 2.0
May 31st 2025 9:00am, by
Microsoft Targets AI 'Holy Grail' With Windows ML 2.0
May 31st 2025 9:00am, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
AI Agents Let Developers Kiss These 4 Chores Goodbye
May 30th 2025 7:40am, by
Live Data Is Rapidly Reshaping Product Development Practices
May 29th 2025 12:00pm, by
New Tools Help LLM Developers Choose Better Pre-Training Data
May 29th 2025 9:00am, by
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by
Boomi Delivers Agentstudio for AI Agent Development
May 22nd 2025 4:00pm, by
Beyond API Uptime: Modern Metrics That Matter
May 22nd 2025 6:17am, by
5 'Cheat Codes' for Building Better APIs
May 21st 2025 8:00am, by
Why APIs Are Essential and MCP Is Optional (for Now)
May 8th 2025 8:00am, by
Next.js Deployment Spec Simplifies Frontend Hosting
May 6th 2025 12:00pm, by
A Practical Guide To Building a RAG-Powered Chatbot
May 5th 2025 12:00pm, by
JavaScript's Missing Link: Wasp Offers Full Stack Solution
Mar 26th 2025 2:00pm, by
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by
Apollo: GraphQL Now Connects to REST APIs With Little Fuss
Mar 11th 2025 7:30am, by
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by
Can OpenSearch Shut Down Those Bad Vector Search Results? 
May 30th 2025 10:56am, by
Top 4 Observability Risks
May 30th 2025 9:10am, by
Live Data Is Rapidly Reshaping Product Development Practices
May 29th 2025 12:00pm, by
SAP Simplifies ERP Data Access for Developers
May 28th 2025 5:00pm, by
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by
When To Use Progressive Web Apps and When To Go Native
May 29th 2025 2:00pm, by
Empowering IT Teams Through Seamless UI and AI Agents
May 27th 2025 6:00am, by
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by
Ladybird: That Rare Breed of Browser Based on Web Standards
May 21st 2025 2:00pm, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by
New Tools Help LLM Developers Choose Better Pre-Training Data
May 29th 2025 9:00am, by
Self-Aware AI: Building Adaptive LLM Decision Agents
May 29th 2025 7:00am, by
Traceloop Launches an Observability Platform for LLM-Based Apps
May 27th 2025 8:30am, by
How To Fill the Open Source Cracks in Your Container Foundation
Jun 2nd 2025 9:00am, by
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by
What HAL 9000 Teaches Us About AI-Driven Authorization
May 30th 2025 12:00pm, by
Linux Kernel 6.15 Boosts Virtualization, GPU, and CPU Performance
May 29th 2025 5:00am, by
Security Firm Snyk Tackles AI Coding's Perfect Storm
May 28th 2025 10:06am, by
Scratch That Itch for Young Developers
Jun 1st 2025 6:01am, by
Microsoft Targets AI 'Holy Grail' With Windows ML 2.0
May 31st 2025 9:00am, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
Google Study: 65% of Developer Time Wasted Without Platforms
May 30th 2025 3:00pm, by
AI Agents Let Developers Kiss These 4 Chores Goodbye
May 30th 2025 7:40am, by
The State of JavaScript Debugging in WebAssembly
May 19th 2025 1:30pm, by
Build Edge Native Apps With WebAssembly
May 7th 2025 8:00am, by
GraalVM (Finally) Gets Java for WebAssembly
Apr 22nd 2025 4:00pm, by
Hyperlight Wasm: Azure Goes the Final Wasi Mile
Apr 3rd 2025 9:00am, by
Endor: WebAssembly-Based Server in the Browser
Mar 29th 2025 1:00pm, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by Tyler Rockwood
Time Series Forecasting: An Open Source, No-Code Solution
May 27th 2025 8:00am, by Anais Dotis Georgiou
AI Is Quickly Making IT Teams and Developers From Invisible to Indispensable
May 23rd 2025 11:00am, by Neil McRae
Developers Can Now ‘Uber’ GPUs With NVIDIA’s Lepton Platform
May 20th 2025 11:30am, by Agam Shah
SAP Unveils New AI Tools for Developers
May 20th 2025 7:20am, by Loraine Lawson
Why CI/CD Alone Won’t Cut It for Infrastructure as Code
May 29th 2025 10:00am, by Marcin Wyszynski
Why Mobile App Reliability Is So Complicated
May 28th 2025 8:00am, by Virna Sekuj
Build an AI Chat Assistant With Stream and OpenAI
May 23rd 2025 12:00pm, by Danny Adams
CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor
May 22nd 2025 1:00pm, by Darryl K. Taft
Beyond API Uptime: Modern Metrics That Matter
May 22nd 2025 6:17am, by Damir Mujezinovic
SAP Simplifies ERP Data Access for Developers
May 28th 2025 5:00pm, by Loraine Lawson
AWS Revives and Updates Its Customer Carbon Footprint Tool
May 28th 2025 11:00am, by Charles Humble
Cloud Realities Are Slowing AI Ambitions
May 23rd 2025 4:18pm, by Mike Hicks
Clouds, Code, and Control: The New Open Source Power Struggle
May 22nd 2025 10:10am, by Dawn Foster
Running AI Workloads Responsibly in the Cloud
May 14th 2025 11:00am, by Sam Prakash Bheri
Red Hat Ansible and HashiCorp Terraform Will Be Coming Together
May 28th 2025 7:00am, by Steven J. Vaughan-Nichols
AI Is Quickly Making IT Teams and Developers From Invisible to Indispensable
May 23rd 2025 11:00am, by Neil McRae
IaC Is Too Complicated. Where’s That ‘Easy Button’?
May 19th 2025 6:06am, by Vicki Walker
Keeping Up With AI: The Painful New Mandate for Software Engineers
May 16th 2025 11:15am, by Manjunath Bhat
Ship Fast, Break Nothing: LaunchDarkly's Winning Formula
Apr 29th 2025 4:00pm, by Darryl K. Taft
From YAML to Platforms: The Kubernetes Deployment Journey
May 29th 2025 11:00am, by Bhushan Nemade
Open Source KubeVirt: VM Management With Kubernetes Is a Work in Progress
May 27th 2025 12:16pm, by B. Cameron Gain
How To Remove a Deployment in Kubernetes: Methods, Steps and Tools
May 22nd 2025 5:00am, by Sunny Yadav
OrbStack: A Deep Dive for Container and Kubernetes Development
May 16th 2025 6:00am, by Janakiram MSV
7 Major Gaps in Today’s GitOps Tools
May 15th 2025 2:00pm, by Ayaan Bordoloi
Bridging the Gap Between Monitoring and Incident Resolution
Jun 2nd 2025 8:00am, by Cristina Dias
Docker’s Best-Kept Secret: How Observability Saves Developers’ Sanity
May 31st 2025 10:00am, by Aditya Gupta
Can OpenSearch Shut Down Those Bad Vector Search Results? 
May 30th 2025 10:56am, by B. Cameron Gain
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
Why Mobile App Reliability Is So Complicated
May 28th 2025 8:00am, by Virna Sekuj
What Is Output Formatting in Python and How Do You Do It?
Jun 2nd 2025 3:00pm, by Jack Wallen
Bridging the Gap Between Monitoring and Incident Resolution
Jun 2nd 2025 8:00am, by Cristina Dias
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
Red Hat Goes All in on AI-Powered Lightspeed System Admin Tools 
May 30th 2025 6:00am, by Steven J. Vaughan-Nichols
From YAML to Platforms: The Kubernetes Deployment Journey
May 29th 2025 11:00am, by Bhushan Nemade
Google Study: 65% of Developer Time Wasted Without Platforms
May 30th 2025 3:00pm, by Todd R. Weiss
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
3 Factors Many Platform Engineers Still Get Wrong
May 27th 2025 8:00am, by Doug Sillars
To Fix Platform Engineering, Build What Users Actually Want
May 18th 2025 10:00am, by Shweta Vohra
Building Trust in AI-Driven QA: Ensuring Transparency and Explainability With GenAI
May 16th 2025 5:00am, by Saqib Jan
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
Bjarne Stroustrup on How He Sees C++ Evolving
Mar 7th 2025 6:00am, by David Cassel
Curl's Daniel Stenberg on Securing 180,000 Lines of C Code
Feb 23rd 2025 6:00am, by David Cassel
The AI Code Generation Problem Nobody's Talking About
May 29th 2025 8:00am, by Michelle Gienow
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by Karissa Jacobsen
The New Bottleneck: AI That Codes Faster Than Humans Can Review
May 27th 2025 11:00am, by Michelle Gienow
Exploring the JetBrains AI Assistant for Visual Studio Code
May 24th 2025 7:00am, by David Eastman
CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor
May 22nd 2025 1:00pm, by Darryl K. Taft
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Introduction to Go Programming Language
Jan 17th 2025 9:00am, by TNS Staff
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Azul CTO: Java at 30 Still Rules Enterprise Dev
May 23rd 2025 1:00pm, by Darryl K. Taft
Dead Code Detection Just Got Easier for Java Developers
May 15th 2025 5:00pm, by Darryl K. Taft
Java at 30: The Genius Behind the Code That Changed Tech
May 15th 2025 9:00am, by Darryl K. Taft
GraalVM (Finally) Gets Java for WebAssembly
Apr 22nd 2025 4:00pm, by B. Cameron Gain
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by Karissa Jacobsen
The State of JavaScript Debugging in WebAssembly
May 19th 2025 1:30pm, by B. Cameron Gain
Does LLM Write Performant Code? Study Says No
May 17th 2025 5:00am, by Loraine Lawson
Build a Real-Time Voting App With Stream Chat and Next.js
May 14th 2025 7:00am, by Ankur Tyagi
Svelte Adds Asynchronous Sync Inside Components
May 10th 2025 7:00am, by Loraine Lawson
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Azul CTO: Java at 30 Still Rules Enterprise Dev
May 23rd 2025 1:00pm, by Darryl K. Taft
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
Java at 30: The Genius Behind the Code That Changed Tech
May 15th 2025 9:00am, by Darryl K. Taft
CHERI on Top: AdaCore's Hardware 'Fix' for Legacy C/C++ Code
May 7th 2025 9:00am, by Darryl K. Taft
Time Series Forecasting: An Open Source, No-Code Solution
May 27th 2025 8:00am, by Anais Dotis Georgiou
Python Pandas Ditches NumPy for Speedier PyArrow
May 27th 2025 7:00am, by Joab Jackson
Python's Security Savior: Chainguard Battles Supply Chain Risk
May 14th 2025 9:00am, by Darryl K. Taft
Python's Open Source DNA Powers Anaconda's New AI Platform
May 13th 2025 4:00pm, by Jeffrey Burt
How a Python Processing Engine Speeds Time Series Data Processing
May 13th 2025 11:00am, by Allyson Boate
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
Containers / Security

Docker Launches Hardened Images, Intensifying Secure Container Market

Docker's new catalog of security-focused, enterprise-grade container images addresses software supply chain threats, competing with existing secure image providers like Chainguard.
May 19th, 2025 2:00pm by
Featued image for: Docker Launches Hardened Images, Intensifying Secure Container Market

Companies such as Docker and Bitnami have long offered ready-to-run application stacks and images for businesses that wanted easy-to-deploy server container images. Then Chainguard came along and offered developers and sysadmins secure, hardened container images. The race for the secure container market was on. 

Now, Docker has upped its game by launching Docker Hardened Images (DHI). This new curated catalog of security-hardened, enterprise-grade container images addresses escalating software supply chain threats. The offering, now available through Docker Hub, is designed to help developers, security engineers and platform teams deploy secure containers without disrupting established workflows.

According to Michael Donovan, Docker’s vice president of product, via a statement, “The complexity of securing container dependencies shouldn’t fall squarely on developers’ shoulders. With Docker Hardened Images, we’re making it easier for teams to build with trusted and verified components that meet enterprise-grade security and compliance standards without adding friction to their workflow.”

The key features of DHI include:

Docker is not alone as it launches these new secure images. Its partners, such as Cloudsmith, GitLab, JFrog, Microsoft, Neo4j, Sonatype and Wiz are also supporting the DHI ecosystem.

A Major Step Forward

What it all boils down to, according to Steven Dickens, CEO and principal analyst at HyperFRAME Research, is that Docker Hardened Images are “a major step forward in software supply chain assurance,” highlighting Docker’s established trust and scale in the developer ecosystem.Oron Noah, VP of product at Wiz, added, “Wiz is excited to see Docker entering the container vulnerability management space with their Hardened Images offering.”

Does this offering sound familiar? It should. This is pretty much what Chainguard provides to its customers with its Chainguard Images.

Indeed, back in March 2024, Chainguard and Docker formed a strategic partnership to offer Chainguard’s secure, hardened container images to millions of developers via Docker Hub through the Docker Verified Publisher (DVP) program.

Going forward, both Docker and Chainguard will be focused on delivering secure, minimal and continuously updated container images that address modern compliance and vulnerability management needs. 

The major differences between the two are that DHI is, obviously, built into the familiar Docker workflow with links into its partner ecosystem. Chainguard, on the other hand, attempts to deliver images with zero common vulnerabilities and exposures (CVEs) via its rapid remediation and daily rebuild mechanisms. 

Locked-Down Containers

Both Docker and Chainguard are responding to industry demand for trusted, scalable solutions that reduce container risk without slowing development. Docker leverages its massive developer base and the ubiquity of Docker Hub to deliver hardened images directly into existing workflows. Chainguard, meanwhile, positions itself as the “safe source for open source,” with a focus on eliminating CVEs entirely, rapid patching and compliance for highly regulated environments. 

They’re not the only companies operating in this new marketspace. Red Hat offers Universal Base Images (UBI); Wiz has its WizOS hardened, minimal, near-zero-CVE container base images; RapidFort offers Curated Images; and Canonical has Chiseled Images.

However, as Chainguard pointed out in its The State of Hardened Container Images Report, it’s not that easy to create truly secure images with minimal CVEs. Indeed, in some efforts, such as with the U.S. Air Force’s Iron Bank, the 50 most downloaded images average 110 CVEs. That’s not good enough.

With both Docker and Chainguard focusing on producing secure images, I see the overall quality of these locked-down container images improving. 

TRENDING STORIES
Created with Sketch.
Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting-edge PC operating system, 300bps was a fast internet connection, WordStar was the state-of-the-art word processor, and we liked it.
Read more from Steven J. Vaughan-Nichols
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Wiz, Docker.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.