Docker Hardened Images are Free: Scale Their Adoption with JFrog


Securing your Docker containers just got a lot easier. On December 17, Docker announced that their catalog of over 1,000 Docker Hardened Images (DHI)—previously a premium-only feature—is now free and open source.

This big change means every developer can now start their Dockerfile with a minimalist, near-zero CVE, SLSA Level 3 compliant foundation. If you’re using JFrog as your Docker registry, here’s how you can leverage these images and complete your container security efforts as part of your existing workflows.

Set Up JFrog to Pull Docker Hardened Images

While Docker Hardened Images are free and openly available to all, Docker does require user authentication to access them. For a single developer, this is a minor tweak. For an enterprise with hundreds of developers and automated CI/CD pipelines, updating every request to be authenticated can be a major headache. Thankfully, by routing all your Docker Hub traffic through JFrog, you can handle that authentication in one central place for all your clients.

By using JFrog Artifactory as your caching proxy, you can operationalize Docker Hardened Images in minutes without hitting rate limits or managing local credentials on every dev machine.

How to start using JFrog to pull DHIs in 3 easy steps:

  • Step 1: Create an Authenticated Remote Repo. Set up a new Docker Remote Repository in Artifactory specifically for DHIs (note: Docker Hardened Images have their own unique URL, separate from the standard Docker Hub). Enter your Docker Hub credentials here once. This allows Artifactory to “speak” to Docker as an authenticated user.
  • Step 2: Keep your “anonymous” Remote Repo. Continue using your existing non-authenticated connection for standard public images. If you’re on JFrog SaaS, these pulls remain unlimited and high-performance.
  • Step 3: Wrap both into a single Virtual Repository. Your developers only ever point their Docker client to the one URL. Artifactory’s smart routing handles the logic: it pulls the hardened images through the authenticated repository and everything else anonymously.
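
A CI check that enforces the single-URL rule from Step 3, as an added example that is not JFrog's or Docker's code: it scans a Dockerfile's FROM lines and reports base images that bypass the virtual repository. The address artifactory.example.com/docker-virtual and the sample Dockerfile are constructed assumptions.

```python
import re

# Assumption: address of the Artifactory virtual Docker repository (hypothetical).
VIRTUAL_REPO = "artifactory.example.com/docker-virtual"

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)
ARG_RE = re.compile(r"^\s*ARG\s+(?P<name>\w+)(?:=(?P<default>\S+))?", re.IGNORECASE)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")  # $NAME or ${NAME}; ${NAME:-x} forms are not handled

# Constructed sample Dockerfile, not taken from the article.
SAMPLE = """\
ARG REGISTRY=artifactory.example.com/docker-virtual
FROM ${REGISTRY}/python:3.13 AS build
FROM --platform=linux/amd64 docker.io/library/alpine:3.20 AS tools
FROM build AS test
FROM scratch
FROM nginx:1.27
"""


def base_images_bypassing_proxy(dockerfile_text, virtual_repo=VIRTUAL_REPO):
    """Return [(line_number, image)] for each FROM that does not use virtual_repo."""
    global_args, stages, findings = {}, set(), []
    seen_from = False
    for lineno, line in enumerate(dockerfile_text.splitlines(), start=1):
        arg = ARG_RE.match(line)
        if arg and not seen_from:
            # Only ARGs declared before the first FROM are visible in FROM lines.
            global_args[arg["name"]] = arg["default"] or ""
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        seen_from = True
        image = VAR_RE.sub(lambda v: global_args.get(v.group(1), ""), m["image"])
        # Earlier build stages and the empty "scratch" base pull nothing.
        local = image == "scratch" or image.lower() in stages
        if not local and not image.startswith(virtual_repo + "/"):
            findings.append((lineno, image))
        if m["stage"]:
            stages.add(m["stage"].lower())
    return findings


if __name__ == "__main__":
    for lineno, image in base_images_bypassing_proxy(SAMPLE):
        print(f"line {lineno}: {image} is not pulled through {VIRTUAL_REPO}")
```

The check resolves ARG defaults only, so a `--build-arg` override supplied at build time is not visible to it.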

For a more detailed look at how to best bring Docker Hardened Images into the JFrog Platform please check out the documentation.

Start Secure and Stay Secure

Leveraging hardened images is a great way to shift-left container security to the first decision you make when creating a container – what you choose as your base image. But container security doesn’t stop there. JFrog provides the additional layers of control required to ensure containers remain safe through release and at runtime.

Secure every layer without the noise – JFrog Xray and JFrog Advanced Security allow you to scan those additional non-hardened image layers and focus on only those vulnerabilities that actually impact your security posture.

Proactive visibility at runtime – With continuous security monitoring at runtime, JFrog ensures that if the security status of your container changes while it is running, you’ll be the first to know, so you can quickly address the issue.

Built-in governance and compliance – JFrog AppTrust gives precise control over all application versions and their components across every stage of the SDLC. With evidence-based policies applied across every stage you can codify requirements for frameworks like FedRAMP, HIPAA, or PCI DSS directly into the promotion process.

Your system of record for secure containerization

Once a Docker Hardened Image is pulled into JFrog, it is managed within your central, trusted system of record with verifiable SBOMs and SLSA-required provenance. Consolidating your images eliminates drift and ensures all teams work from a consistent, traceable, and approved foundation.

The Bottom Line

Docker is giving the world a safer container foundation. JFrog gives enterprises the scale and support to use it. Why don’t you check it out for yourself by taking an online tour, scheduling a demo or starting a free trial today!