Signal Hub

Docker news and articles

Docker

Updated just now

Ctrl K

Date

Source

9 articles

Docker Blog

~1 min readMay 5, 2026

Generate Images Locally with Docker Model Runner and Open WebUI

We've all been there: you need to generate a few images for a project, you fire up an AI image service, and suddenly you're wondering what happens to your prompts, how many credits you have left, or why that "safe content" filter rejected your perfectly reasonable request for a dragon wearing a business suit. What...

Docker Blog

~1 min readMay 5, 2026

Precision Container Security with Docker and Black Duck

The complexity of modern containerized applications often leaves developers drowning in a sea of "noise"—vulnerabilities that exist in the file system but pose zero actual risk to the application. The integration between Black Duck and Docker Hardened Images (DHI) provides a definitive answer to this challenge. By combining Docker’s secure-by-default foundations, using VEX (Vulnerability Exploitability eXchange)...

Docker Blog

~1 min readMay 1, 2026

A Virtual Agent team at Docker: How the Coding Agent Sandboxes team uses a fleet of agents to ship faster

I work on Coding Agent Sandboxes, aka “sbx” at Docker. The project provides secure, microVM-based isolation for running AI coding agents like Claude Code, Gemini, Codex, Docker Agent and Kiro. Agents get full autonomy inside a sandbox (their own Docker daemon, network, filesystem) without touching your host system. Over the past couple of weeks, we...

Docker Blog

~1 min readApr 30, 2026

From Security Blocked to Prod Ready: ClickHouse on Docker Hardened Images

In November 2025, a team self-hosting Langfuse, an open-source LLM observability platform, on Kubernetes uploaded their ClickHouse image to AWS ECR as part of their production preparation. They found that the pipeline scanner had returned three critical vulnerabilities - not in ClickHouse, but in the base image. Their security team saw the findings and blocked...

Docker Blog

~1 min readApr 23, 2026

Trivy, KICS, and the shape of supply chain attacks so far in 2026

Catching the KICS push: what happened, and the case for open, fast collaboration In the past few weeks we've worked through two supply chain compromises on Docker Hub with a similar shape: first Trivy, now Checkmarx KICS. In both cases, stolen publisher credentials were used to push malicious images through legitimate publishing flows. In both...

Docker Blog

~1 min readApr 16, 2026

Why MicroVMs: The Architecture Behind Docker Sandboxes

Last week, we launched Docker Sandboxes with a bold goal: to deliver the strongest agent isolation in the market. This post unpacks that claim, how microVMs enable it, and some of the architectural choices we made in this approach. The Problem With Every Other Approach Every sandboxing model asks you to give something up. We...

Docker Blog

~1 min readApr 14, 2026

Why We Chose the Harder Path: Docker Hardened Images, One Year Later

We're coming up on a year since launching Docker Hardened Images (DHI) last May, and crossing a milestone earlier this month made me stop and reflect on what we've actually been building. Earlier this month, we crossed over 500k daily pulls of DHIs, and over 25k continuously patched OS level artifacts in our SLSA Build...

Docker Blog

~1 min readApr 13, 2026

How to Analyze Hugging Face for Arm64 Readiness

This post is a collaboration between Docker and Arm, demonstrating how Docker MCP Toolkit and the Arm MCP Server work together to scan Hugging Face Spaces for Arm64 Readiness. In our previous post, we walked through migrating a legacy C++ application with AVX2 intrinsics to Arm64 using Docker MCP Toolkit and the Arm MCP Server...

Docker Blog

~1 min readApr 8, 2026

Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io

We recently announced the integration between Mend.io and Docker Hardened Images (DHI) provides a seamless framework for managing container security. By automatically distinguishing between base image vulnerabilities and application-layer risks, it uses VEX statements to differentiate between exploitable vulnerabilities and non-exploitable vulnerabilities, allowing your team to prioritize what really matters. TL;DR: The Developer Value Proposition...