Docker, Inc

Not all vulnerabilities are equal. In container environments, many CVEs exist in the filesystem but have no impact on how your application actually runs. Treating them the same creates false positives, slows teams down, and pulls focus away from real risk management. The new integration between Docker Hardened Images and Black Duck change that: → VEX data filters out vulnerabilities that are not exploitable → Binary analysis verifies what’s actually in the container within binary executables and libraries → Layer-aware insights separate base image noise from application risk → Policy automation enforces exploitability-driven triage at scale The result: fewer false positives, faster pipelines, and security teams focused on what actually matters. Read more →

Early bird discount tickets still available for WeAreDevelopers World Congress North America! This isn’t just another tech conference - with Docker as co-host, it’s a builders-first event focused on how software is actually being built today: from AI workflows to platform engineering, security, and real-world systems. Expect hands-on workshops, live builds, and sessions you can take back into your day-to-day work. If you’re planning to attend, now’s the time to lock it in. Get your ticket → https://bit.ly/4e7b7nD

Teams are starting to not just use one agent, but multiple in parallel. In the latest Docker AI Labs newsletter, the team behind Docker Sandboxes team shares how they built a virtual fleet of agent roles to test releases, triage issues, generate release notes, and even fix bugs in CI. The key detail: these agents run in Docker Sandboxes. That means the team is using the same secure, microVM-based isolation model they’re building for users - same setup locally and in CI, same skills, same sandboxes. A practical, behind-the-scenes look at how agent workflows actually get integrated into real development systems. Read more →

Ever had a deployment blocked by security over CVEs from packages you don’t even use? This walkthrough starts with a real example: a ClickHouse deployment that got stopped in its tracks because of vulnerabilities in the base image, not the application itself. It breaks down: • Why this happens with standard images • What actually triggers those scanner failures • How removing unused packages changes the conversation with security This post then shows what this looks like in practice using Docker Hardened Images, from local runs to Kubernetes. This is a solid overview if you’re looking for ways to get from blocked to production-ready without rewriting your stack. Read →

What does it actually take to get a Hugging Face Spaces running on Arm64? With Arm64 now powering developer machines, cloud instances, and edge systems, and Hugging Face hosting over 1M Spaces and 2M+ models - compatibility is becoming a real constraint. This on-demand Docker + Arm session walks through a real example that looks fine at first, but fails due to architecture-specific dependencies. You’ll see how to: • Identify hidden x86-only dependencies • Understand why builds fail on Arm • Use MCP Toolkit + Arm MCP Server + Copilot to diagnose issues • Move from broken build to a working Arm64 setup A practical look at how modern AI workflows meet real-world infrastructure. Watch → https://bit.ly/4sFY1Bj

Near-zero CVE hardened images are magical, but you need to add back in certs, tools, or permissions to truly make them your own. In this video, learn how you can customize Docker Hardened Images, while keeping SLSA Level 3 provenance, security attestations, and the Docker SLA intact. The truly magical part? Provenance, attestations, and the SLA persist automatically through every patch. Full video: https://lnkd.in/gr4NBbUj

At AI Dev today, Tushar Jain's talk is packed! This is one of the most technical AI developer gatherings of the year, hosted by Andrew Ng (DeepLearning.AI), and the room is full of builders focused on a very real shift: moving from AI demos to systems that actually run in production. In 'Shipping Agents Safely: Boundaries That Actually Work', Tushar is walking through what it takes to make that real - from runtime boundaries to isolated execution and recovery-first design. Strong signal from the room that runtime, isolation, and trust are becoming core concerns as agents move into real workflows. If you’re here, you can find us after at booth #11!

Last day to submit your talk for WeAreDevelopers World Congress North America! If you’re deep in building with AI or running real systems at scale, this is your chance to put that work in front of 10,000+ developers and industry leaders. With Docker as Presenting Partner and co-host, this is a builder-focused event where speakers don’t just present - they pressure-test ideas, compare approaches, and see how others are solving the same problems. Submit your CFP → https://bit.ly/4tgT82F

What happens when you give an AI agent too much freedom? This live session tests that with a vulnerable Java app and a “YOLO mode” Copilot workflow - and shows how Docker Sandbox contains the risk. 📅 Thu, Apr 30, 2026, 11:00 AM PST 🎟️ Free, virtual - join live: https://lnkd.in/gkEtpM8F