Platform Engineering Playbook Podcast

95% Fewer CVEs, $0 Cost: Docker Just Open-Sourced Enterprise Security


Supply chain attacks cost $60 billion in 2025. Docker just made the solution free.

On December 17, Docker released 1,000+ hardened container images under Apache 2.0 (previously a paid offering). Independent penetration testing by SRLabs confirmed a 95% CVE reduction and found NO root escapes or container breakouts. These images use a distroless runtime: no shell, no package manager, no attack surface.

We break down how distroless actually works (why removing /bin/sh matters), SLSA Level 3 cryptographic provenance, SBOM/VEX for killing alert fatigue, multi-stage build migration patterns, debugging without a shell (kubectl debug), and how Docker compares to Chainguard Wolfi, Google distroless, and Red Hat UBI.

NEWS SEGMENT:

• First Linux Kernel Rust CVE (CVE-2025-68260): Race condition in Android Binder's unsafe block. DoS only, no RCE. Greg Kroah-Hartman: "totally expected and normal."
  https://www.phoronix.com/news/First-Linux-Rust-CVE

• GitHub Actions 39% Price Cut: Self-hosted billing postponed indefinitely after backlash. 96% of customers unaffected.
  https://resources.github.com/actions/2026-pricing-changes-for-github-actions/

LINKS:

• Platform Engineering Playbook: https://platformengineeringplaybook.com
• Episode Page: https://platformengineeringplaybook.com/podcasts/00063-docker-hardened-images-free-security
• Full Script: https://github.com/platformengineeringorg/platform-engineering-playbook/blob/main/docs/podcasts/scripts/00063-docker-hardened-images-free-security.txt
• Docker Blog: https://www.docker.com/blog/docker-hardened-images-for-every-developer/

#docker #containers #security #kubernetes #platformengineering #devops #supplychainsecurity #distroless #sbom #slsa


Platform Engineering Playbook Podcast, by vibesre