Commentary

  • Docker Hardened Images start with a dramatically reduced attack surface, up to 95% smaller, to limit exposure from the outset.
  • DHI are the new thing in docker, they help in avoiding the image bloat.
  • They are not just trimmed-down versions of existing containers, they’re built from the ground up which is really interesting to work with and help optimise the build process as well as deployment constraints.