DEVOPSdigest

Docker announced an expansion of the company’s trusted-content offerings for software developers.

Among the announcements is the launch of the Docker Verified Publisher program, which provides access to Docker differentiated and trusted content that developers can leverage as reliable building blocks for their applications. Datadog, Red Hat and VMware are the latest three publishers to join a program that has seen 100 companies join in the last six months. Adding to trusted content distributed through Docker, the company also announced the upcoming availability of Docker Official Images into public and private registries from Amazon Web Services, Inc. (AWS) and Mirantis. In a separate press release, Docker announced updates and enhancements to the Docker Collaborative Application Development Platform.

“This greatly expands choice for developers to complement Docker Official Images and solidifies the Docker platform and Docker Hub as the de facto standard for trusted, secure container images.” said Docker CEO Scott Johnston.

Secure software supply chains are becoming increasingly important to development teams as they work to lower the risk of exposure to malicious content while they build applications. Using reliable content at every stage ensures applications are secure and minimizes time and money spent on resolving security issues. With Docker, developers no longer need to worry about the source of their images. Instead they can quickly and confidently discover and use images in their applications from known, trusted sources. Docker Verified Publisher offerings include popular developer components such as Bitnami and Spring software from VMWare, RedHat Universal Base Images (UBI), Canonical Ubuntu and more.

Leveraging the success of Docker Official Images and the existing Docker Open Source program, the Docker Verified Publisher program extends to commercial content incorporating trusted solutions for developers that are part of the application delivery pipeline. With the Docker Verified Publisher program, developers can build, share and run applications quickly with confidence — knowing that each component is secure at every stage of the software supply chain.

Millions of developers rely on Docker Hub as their primary source for trusted content, including Docker Official Images and Docker Verified Publisher images. Developers will soon have the flexibility to download these images from their choice of registry including Amazon Elastic Container Registry Public (Amazon ECR Public) and Mirantis Secure Registry. This offers developers the ultimate flexibility to benefit from the trusted content provided by Docker using the registry of their preference.

With over 200 ISVs using Docker Hub to distribute their software to developers, users who see the Docker “Verified Publisher” badge know that the images they are pulling come straight from, and are supported by, the publisher. With 13 billion image pulls per month from nearly 8 million repositories by more than 13 million developers, Docker Hub delivers developers the largest breadth and depth of container images and plays a central role in building and sharing cloud-native applications.