InfoQ Software Architects' Newsletter

A monthly overview of things you need to know as an architect or aspiring architect.

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Don't have an InfoQ account?

Stay updated on topics and peers that matter to youReceive instant alerts on the latest insights and trends.
Quickly access free resources for continuous learningMinibooks, videos with transcripts, and training materials.
Save articles and read at anytimeBookmark articles to read whenever youre ready.

Logo - Back to homepage

News Articles Presentations Podcasts Guides

Topics

Development

Featured in Development

Go Channels: Understanding Happens-Before for Safe Concurrency

This article dives into the happens-before semantics of Go channels, explaining how they relate to memory visibility, synchronization, and concurrency correctness. We'll examine subtle pitfalls, illustrate them with examples, and explore the architectural implications for system designers.

Go Channels: Understanding Happens-Before for Safe Concurrency

All in development

Architecture & Design

Featured in Architecture & Design

Mental Models in Architecture and Societal Views of Technology: A Conversation with Nimisha Asthagiri

In this podcast, Michael Stiefel spoke with Nimisha Asthagiri about the importance of system thinking, multi-agent systems, the consequences of society applying a technology into an area for which it was not designed, and whether we can ever have a healthy relationship with artificial intelligence.

Mental Models in Architecture and Societal Views of Technology: A Conversation with Nimisha Asthagiri

All in architecture-design

AI Infrastructure

Featured in AI, ML & Data Engineering

Deploy MultiModal RAG Systems with vLLM

Stephen Batifol discusses building and optimizing self-hosted, multimodal RAG systems. He breaks down vector search, nearest neighbor indexes (FLAT, IVF, HNSW), and the critical role of choosing the right embedding model. He then explains vLLM inference optimization (paged attention, quantization) and uses Mistral's Pixtral to detail multimodal large language model architecture.

Deploy MultiModal RAG Systems with vLLM

All in ai-ml-data-eng

Culture & Methods

Featured in Culture & Methods

Systems Thinking for Scaling Responsible Multi-Agent Architectures

Nimisha Asthagiri explains the critical need for responsible AI in complex multi-agent systems. She shares practical techniques for engineering leaders and architects, applying systems thinking and Causal Flow Diagrams. She shows how these methods help predict and mitigate the unintended consequences and structural risks inherent in autonomous, learning agents, using a scheduler agent example.

Systems Thinking for Scaling Responsible Multi-Agent Architectures

All in culture-methods

DevOps

Featured in DevOps

From Grassroots to Enterprise: Vanguard's Journey in SRE Transformation

Christina Yakomin shares Vanguard's SRE transformation: from quarterly testing of monoliths to a mature DevOps model with continuous delivery. She explains the SRE coaching hub, self-service tools, and advanced techniques like request-rate autoscaling. She details modern challenges, including region failure game days and testing AI-backed contact centers.

From Grassroots to Enterprise: Vanguard's Journey in SRE Transformation

All in devops

Events

Helpful links

Choose your language

QCon San Francisco 2025

Get proven patterns to de-risk modern architectures. See how engineers scale cloud-native systems, improve observability, and evolve reliable platforms at pace.

Early Bird ends Oct 14.

QCon AI New York 2025

Move beyond AI demos to real engineering impact. Discover how teams embed LLMs, govern models, and scale inference pipelines to accelerate development securely.

Early Bird ends Oct 14.

QCon London 2025

Benchmark your systems against leading engineering teams. See what really works in FinOps, modern Java, and distributed data architectures to balance cost, scale, and reliability.

Early Bird ends Oct 14.

InfoQ Homepage News Docker Launches Hardened Base Images

DevOps

Docker Launches Hardened Base Images

This item in japanese

Jun 21, 2025 1 min read

Mark Silvester

Write for InfoQ

Feed your curiosity. Help 550k+ global
senior developers
each month stay ahead.Get in touch

Listen to this article - 0:00

Audio ready to play

0:00

Reading list

Docker has introduced a new range of security-focused base images designed for production use, aiming to reduce vulnerabilities and support secure software supply chains across containerised applications.

Docker Hardened Images (DHI) are a curated set of minimal images built from source using a distroless approach. By removing shells, package managers, and other unnecessary components, the images are designed to reduce the attack surface of containerised workloads significantly.

According to Docker, the hardened images reduce the vulnerability footprint by up to 95% compared to traditional base images. Each image is maintained with automated patching and ongoing security updates, aiming for a near-zero number of known CVEs. Critical and high-severity vulnerabilities are patched within seven days, backed by a defined service-level agreement.

The hardened images are designed to be drop-in replacements for popular base images, such as Alpine and Debian. Docker has focused on ensuring compatibility with existing Dockerfiles to minimise disruption to build pipelines. A customisation layer allows teams to add their own certificates, packages, and configuration files on top of the secure base.

DHI images also include signed Software Bill of Materials (SBOMs) and provenance metadata, supporting increased transparency and supply chain visibility. These features may be particularly relevant for teams operating in regulated industries or security-sensitive environments, where additional assurance and traceability are valued.

Docker has announced early integration partners, including Microsoft, GitLab, JFrog, NGINX, Sysdig, Wiz, and Sonatype. These collaborations aim to ensure DHI works seamlessly with popular security and CI/CD tooling.

In internal testing, Docker reports that swapping a standard Node.js image for a hardened variant led to a 98% reduction in the number of installed packages and the elimination of known CVEs. The initial catalogue includes hardened images for common runtimes, including Python, Go, and Java.

DHI is now available via Docker Hub, with access determined by Docker’s subscription tiers. The setup documentation and customisation tools are included as part of the release.

About the Author

Mark Silvester

Show moreShow less

This content is in the DevOps topic

The InfoQ Newsletter

A round-up of last week’s content on InfoQ sent out every Tuesday. Join a community of over 250,000 senior developers. View an example

We protect your privacy.

InfoQ Software Architects' Newsletter

Docker Launches Hardened Base Images

Write for InfoQ

About the Author

Mark Silvester

Rate this Article

This content is in the DevOps topic

Related Topics:

Related Editorial

Related Sponsors

Popular across InfoQ

Related Content

The InfoQ Newsletter