Docker Hardened Images now open source and available for free
2025-12-22 08:30:20 Author: www.bleepingcomputer.com

More than 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license.

Docker is a popular platform that enables developers to build, test, and deploy applications quickly inside container images that include the required dependencies, allowing for predictable and repeatable results across various systems and environments.

DHIs, launched in May this year, are secure, minimal, production-ready Docker base images maintained directly by Docker. They are designed to reduce the attack surface and supply-chain risks at the container layer.

DHIs are rootless, stripped of unnecessary components, free of known vulnerabilities, and support the Vulnerability Exploitability eXchange (VEX) standard for leaner security management.

Docker also guarantees fixes for new flaws in existing DHI components within 7 days of their disclosure.

In October, the Docker team announced that it would open unlimited access to its entire DHI catalog of 1,000 images to all developer teams and also offer a 30-day free trial to all subscribers.

However, Docker decided to move DHIs from a commercial offering to a subscription-free one available to all developers.

“Today, we are establishing a new industry standard by making DHI freely available and open source to everyone who builds software. All 26 Million+ developers in the container ecosystem,” reads the announcement.

“DHI is fully open and free to use, share, and build on with no licensing surprises, backed by an Apache 2.0 license. DHI now gives the world a secure, minimal, production-ready foundation from the very first pull,” the company said.

Docker has highlighted that the move does not come with security discounts for DHI, as the images remain SBOM-verifiable, the builds provide SLSA Build Level 3 provenance, and every image is accompanied by proof of authenticity.

However, the 7-day critical CVE patching commitment (SLA) remains exclusive to the commercial tier, DHI Enterprise, which is still available. The free tier will also receive patches, but not within a pre-defined time period.

Regarding DHI Enterprise and the time to fix flaws, Docker states it aims to reduce it to a single day or even less. The commercial tier also allows modifying DHI images, configuring runtimes, and installing additional tools.

Docker users can access the full DHI catalog and subscription options from here.

Article source: https://www.bleepingcomputer.com/news/security/docker-hardened-images-now-open-source-and-available-for-free/