Docker, Inc

Your agents can write code, call APIs, modify files, and spin up containers. That's exactly what makes them useful. It's also why it’s just a little terrifying if they’re running loose on your host machine. On June 24, we're partnering with Data Science Dojo for a hands-on virtual workshop to address this: “Running LLM Agents Safely with Docker Sandboxes.” Docker Developer Success Advocate Dan Ndombe will walk through building a secure runtime environment where agents can actually do their jobs - without turning your filesystem into a crime scene. You'll come away with: • A working sandboxed agent setup • A clear framework for permission controls and runtime isolation • Patterns you can apply immediately to dev or production environments Whether you're building experimental prototypes or deploying agentic systems at scale, this workshop will help you build the guardrails that make agent autonomy practical. Register: https://lnkd.in/gQDFyCwZ

Congrats to Ajeet Singh Raina and Harsh Manvar! 🚀 One of the best parts of this community is seeing how many developers are eager to keep learning and expanding their Docker skills.

What actually makes a container image "hardened"? As supply chain security gets more attention, "hardened" content comes up a lot, in this guide we get into what hardened images and why they matter. A genuinely hardened image does three things, not one: it strips out the packages an application never uses (most container CVEs live in that inherited baggage), it's continuously rebuilt to stay patched, and it ships with verifiable metadata (such as SBOMs, SLSA provenance, VEX, and signatures) so you can always prove what's inside and how it was built. This guide breaks down why minimization alone isn't enough, and how hardened images differ from slim variants, distroless builds, and basic image scanning. Read →

Docker has joined Athena, a cross-industry coalition focused on coordinating the defense of open source vulnerabilities before they can be exploited. No single company has visibility into the entire software supply chain. That's why collaboration across the ecosystem is becoming increasingly important as AI accelerates vulnerability discovery. Here's why we're participating and what it means for developers:

The interesting questions about agents aren't really about the model anymore. They're about execution, permissions, credentials, and what happens when an agent can take action on your behalf. This Elastic Community video gives a clear, practical walkthrough of Docker Sandboxes: how they isolate agent workflows, why that matters for local development, and what the day-to-day experience of working with agents actually looks like. It covers everything from autonomous workflows and credential handling to network controls and the practical developer experience. Watch: https://lnkd.in/eMYXJsDp

What if you could run powerful LLMs locally, without touching the cloud? Docker Captain Pawel Piwosz walks through exactly that in his new LinkedIn Learning course: ‘Build and Deploy Secure AI Workloads with Docker’. You’ll learn how to: - Set up and configure Docker Model Runner to run LLMs locally - Pull and manage prebuilt models from Docker Hub - Package and distribute your own models - Integrate local LLMs into your apps using the OpenAI API interface Whether you're building prototypes, protecting sensitive data, or cutting inference costs, this course gives you the tools to run powerful AI models on your own terms. Taught by Pawel Piwosz, Docker Captain, DevOps Institute Ambassador, and CD Foundation Ambassador. Start learning: https://bit.ly/4ggjEpa

At some point every agent workflow runs into the same questions: What can the agent access? What tools should it use? What happens when it makes a mistake? Who can see what it did? This issue of Docker Navigator explores how teams are answering those questions in practice, from governance and MCP controls to sandbox isolation, supply chain trust, and safer autonomous execution. Inside: Gordon GA, Docker AI Governance, container security updates, and practical reads on agent failure modes, containment, and control. Read the issue →

Aikido Security now scans Docker Hardened Images with built-in VEX support. CVEs that Docker has verified as non-exploitable drop out of the queue automatically, with the justification attached. Signed SBOMs and OpenVEX attestations help ensure the findings that remain are the ones that actually apply to the image, not every CVE that ever touched an upstream package. Join us for the webinar for the integration walkthrough on 06/25 - link in the comments! Read the walkthrough →

AI may be accelerating software development, but it isn’t removing engineering fundamentals. In this special Ship Happens highlight episode, six engineering leaders share what they’re seeing as AI moves from experimentation into real software delivery. Topics include the tension between speed and reliability, what happens when AI-generated changes outpace human oversight, and what it takes to safely operationalize agents in production. If you're trying to understand where AI is actually changing software development - and where the pressure is shifting next - this episode shows how industry leaders are adapting their workflows, platforms, and teams to keep up. Watch the full episode → https://bit.ly/43s92vT