Docker, Inc

Ever feel like Docker tutorials are either too simple… or way too convoluted? Docker Captain Saloni Narang just dropped a blog series that skips the analogies and gets straight to what actually matters. No “Docker is like a VM.” No mental gymnastics required. Instead, 7 Days of Docker takes you through things like: - What Actually Happens When You Type “docker run” - Why your image supply chain might be breaking down - How Docker Compose is actually used in practice It’s a from-the-inside-out explanation of Docker: how it really works and how it’s actually used. If Docker hasn’t quite “clicked” yet, this helps connect the dots: https://bit.ly/4esEp04

Platform teams often need golden images with internal requirements baked in. The challenge is keeping those customizations baked-in, as images are patched with every CVE. This video shows how Docker Hardened Image customizations let you define changes once, keep all attestations intact, and have those changes automatically persist across every patch. Watch now: https://bit.ly/3QRTSgk

Not all vulnerabilities are equal. In container environments, many CVEs exist in the filesystem but have no impact on how your application actually runs. Treating them the same creates false positives, slows teams down, and pulls focus away from real risk management. The new integration between Docker Hardened Images and Black Duck change that: → VEX data filters out vulnerabilities that are not exploitable → Binary analysis verifies what’s actually in the container within binary executables and libraries → Layer-aware insights separate base image noise from application risk → Policy automation enforces exploitability-driven triage at scale The result: fewer false positives, faster pipelines, and security teams focused on what actually matters. Read more →

Early bird discount tickets still available for WeAreDevelopers World Congress North America! This isn’t just another tech conference - with Docker as co-host, it’s a builders-first event focused on how software is actually being built today: from AI workflows to platform engineering, security, and real-world systems. Expect hands-on workshops, live builds, and sessions you can take back into your day-to-day work. If you’re planning to attend, now’s the time to lock it in. Get your ticket → https://bit.ly/4e7b7nD

Teams are starting to not just use one agent, but multiple in parallel. In the latest Docker AI Labs newsletter, the team behind Docker Sandboxes team shares how they built a virtual fleet of agent roles to test releases, triage issues, generate release notes, and even fix bugs in CI. The key detail: these agents run in Docker Sandboxes. That means the team is using the same secure, microVM-based isolation model they’re building for users - same setup locally and in CI, same skills, same sandboxes. A practical, behind-the-scenes look at how agent workflows actually get integrated into real development systems. Read more →

Ever had a deployment blocked by security over CVEs from packages you don’t even use? This walkthrough starts with a real example: a ClickHouse deployment that got stopped in its tracks because of vulnerabilities in the base image, not the application itself. It breaks down: • Why this happens with standard images • What actually triggers those scanner failures • How removing unused packages changes the conversation with security This post then shows what this looks like in practice using Docker Hardened Images, from local runs to Kubernetes. This is a solid overview if you’re looking for ways to get from blocked to production-ready without rewriting your stack. Read →

What does it actually take to get a Hugging Face Spaces running on Arm64? With Arm64 now powering developer machines, cloud instances, and edge systems, and Hugging Face hosting over 1M Spaces and 2M+ models - compatibility is becoming a real constraint. This on-demand Docker + Arm session walks through a real example that looks fine at first, but fails due to architecture-specific dependencies. You’ll see how to: • Identify hidden x86-only dependencies • Understand why builds fail on Arm • Use MCP Toolkit + Arm MCP Server + Copilot to diagnose issues • Move from broken build to a working Arm64 setup A practical look at how modern AI workflows meet real-world infrastructure. Watch → https://bit.ly/4sFY1Bj

Near-zero CVE hardened images are magical, but you need to add back in certs, tools, or permissions to truly make them your own. In this video, learn how you can customize Docker Hardened Images, while keeping SLSA Level 3 provenance, security attestations, and the Docker SLA intact. The truly magical part? Provenance, attestations, and the SLA persist automatically through every patch. Full video: https://lnkd.in/gr4NBbUj

At AI Dev today, Tushar Jain's talk is packed! This is one of the most technical AI developer gatherings of the year, hosted by Andrew Ng (DeepLearning.AI), and the room is full of builders focused on a very real shift: moving from AI demos to systems that actually run in production. In 'Shipping Agents Safely: Boundaries That Actually Work', Tushar is walking through what it takes to make that real - from runtime boundaries to isolated execution and recovery-first design. Strong signal from the room that runtime, isolation, and trust are becoming core concerns as agents move into real workflows. If you’re here, you can find us after at booth #11!