In 2025, containers became the default route to production for the global software industry, and the container supply chain became one of its largest security liabilities. With Docker Hardened Images (DHI), Docker moved beyond image distribution into supply-chain hardening—opening a catalog of continuously patched images built on familiar Alpine and Debian roots.
What originated out of a commercial solution was open-sourced in the end of 2025.
This short talk examines DHI not as a product announcement, but as a signal for where the ecosystem is heading: transparent CVE reporting, minimal distroless-style bases, signed provenance, hardened helm charts, and free/open foundations for regulated workloads.
With this talk I want to give a quick insight on what you need to know to use them.
What originated out of a commercial solution was open-sourced in the end of 2025.
This short talk examines DHI not as a product announcement, but as a signal for where the ecosystem is heading: transparent CVE reporting, minimal distroless-style bases, signed provenance, hardened helm charts, and free/open foundations for regulated workloads.
With this talk I want to give a quick insight on what you need to know to use them.
Matthias Haeussler
CGI
Matthias Haeussler is VP Expert at CGI, university lecturer for distributed systems, Linux Foundation trainer, Docker Captain, and meetup organizer. His main focus is enabling people in strategy and technology for the entire cloud-native software engineering lifecycle. This includes guiding clients through hands-on implementation, overseeing deployment processes, skill enablement, and ensuring successful migrations. Previously, he was employed at Novatec and IBM R&D Germany. He has teaching experience from lectures at multiple universities in Stuttgart. He is also a frequent speaker at various national and international conferences and meetups, including Devoxx (Devoxx Champion 2024), KubeCon, Spring One Platform, Open Source Summit, Spring IO, IBM InterConnect, and WJAX.