
Changelog Interviews: Setting Docker Hardened Images free
Feb 4, 2026
Tushar Jain, EVP of Engineering at Docker and lead of the Hardened Images initiative, talks about making minimal, production-ready hardened base images and why Docker focused on supply-chain security. He covers SBOMs, reproducible builds, provenance and VEX transparency. He also discusses migration trade-offs, ecosystem integrations, and adapting runtimes for secure AI and agent workflows.
AI Snips
Minimize Image Surface To Reduce Risk
- Docker saw minimizing image surface area and faster, centralized patching as the primary ways to reduce supply-chain risk.
- Hardened Images bundle minimal packages, faster patching, SBOMs and provenance to shift burden off individual engineering teams.
Make Builds Reproducible And Auditable
- Provide reproducible, auditable builds with SBOMs, SLSA-level provenance and cryptographic signing.
- Use build pipelines that avoid arbitrary shell steps to meet SLSA requirements and enable reproducibility.
Publish SBOMs And VEX Transparently
- Publish full SBOMs and VEX statements so scanners see raw CVEs plus contextual exceptions.
- Stand behind VEX rationale to reduce noise and enable CISOs to understand true impact.
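To make the "raw CVEs plus contextual exceptions" point concrete, here is an added example (not code from the episode, Docker, or the Hardened Images project) of how a consumer applies a publisher's OpenVEX statements to a scanner's findings. The SBOM package URLs, the scan results and the CVE identifiers are all constructed placeholders; the scanner output shape (a list of package-URL/CVE pairs) is an assumption, as is the rule that a `not_affected` statement without a justification is still treated as actionable:

```python
"""Apply OpenVEX statements to raw scanner findings for one image.

Constructed example: the package URLs, CVE ids and VEX document below are
synthetic placeholders, not data from any real image or publisher.
Assumed scanner output shape: a list of (purl, cve_id) pairs.
"""
import json

# Constructed OpenVEX document (format per https://openvex.dev/ns/v0.2.0).
VEX_JSON = """
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.invalid/vex/demo-image-1",
  "author": "Example Image Publisher (constructed)",
  "timestamp": "2026-01-01T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-9999-00001"},
     "products": [{"@id": "pkg:deb/debian/libfoo@1.2.3-1"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path",
     "impact_statement": "Affected function is never reached in this image."},
    {"vulnerability": {"name": "CVE-9999-00002"},
     "products": [{"@id": "pkg:deb/debian/libbar@2.0.0-1"}],
     "status": "fixed",
     "impact_statement": "Backported fix applied in 2.0.0-1."},
    {"vulnerability": {"name": "CVE-9999-00003"},
     "products": [{"@id": "pkg:deb/debian/libbaz@3.1.0-2"}],
     "status": "under_investigation"},
    {"vulnerability": {"name": "CVE-9999-00005"},
     "products": [{"@id": "pkg:deb/debian/libfoo@1.2.3-1"}],
     "status": "not_affected"}
  ]
}
"""

# Constructed raw scanner output: (package URL from the SBOM, CVE id).
SCAN_FINDINGS = [
    ("pkg:deb/debian/libfoo@1.2.3-1", "CVE-9999-00001"),
    ("pkg:deb/debian/libbar@2.0.0-1", "CVE-9999-00002"),
    ("pkg:deb/debian/libbaz@3.1.0-2", "CVE-9999-00003"),
    ("pkg:deb/debian/libqux@0.9.0-1", "CVE-9999-00004"),  # no VEX statement
    ("pkg:deb/debian/libfoo@1.2.3-1", "CVE-9999-00005"),  # not_affected, no why
]

# Statuses that let a consumer drop a finding from the actionable list.
SUPPRESSING = {"not_affected", "fixed"}


def load_vex():
    """Parse the constructed VEX document."""
    return json.loads(VEX_JSON)


def index_vex(vex_doc):
    """Map (product id, CVE) -> statement so lookups are exact.

    A statement suppresses a CVE only for the products it names; the same
    package with a different CVE gets no benefit from it.
    """
    idx = {}
    for st in vex_doc["statements"]:
        cve = st["vulnerability"]["name"]
        for prod in st.get("products", []):
            idx[(prod["@id"], cve)] = st
    return idx


def apply_vex(findings, vex_doc):
    """Return one triage record per scanner finding.

    Each record keeps the raw CVE (nothing is hidden), the VEX status, the
    publisher's stated rationale, and whether action is still required.
    """
    idx = index_vex(vex_doc)
    out = []
    for purl, cve in findings:
        st = idx.get((purl, cve))
        if st is None:
            status, reason, actionable = "no_vex_statement", None, True
        else:
            status = st["status"]
            reason = st.get("justification") or st.get("impact_statement")
            # Assumed policy: a not_affected claim with no justification is
            # not trusted, so the finding stays actionable.
            if status == "not_affected" and not st.get("justification"):
                status, actionable = "not_affected_unjustified", True
            else:
                actionable = status not in SUPPRESSING
        out.append({"purl": purl, "cve": cve, "status": status,
                    "reason": reason, "actionable": actionable})
    return out


def actionable_cves(findings, vex_doc):
    """CVEs that still need a response after VEX is applied."""
    return sorted(r["cve"] for r in apply_vex(findings, vex_doc) if r["actionable"])


if __name__ == "__main__":
    for r in apply_vex(SCAN_FINDINGS, load_vex()):
        flag = "ACTION" if r["actionable"] else "ok    "
        print(f"{flag} {r['cve']} {r['purl']} [{r['status']}] {r['reason'] or ''}")
```

Running it shows the two findings the publisher has justified away as `ok`, while the one under investigation, the one with no statement at all, and the unjustified `not_affected` claim remain `ACTION`; the rationale column is what lets a reviewer decide whether to accept the publisher's exception rather than just seeing a CVE disappear.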

