Red Hat announced on May 12 the general availability of Red Hat Hardened Images, a catalog of trusted, micro-sized container images designed to support organizations aiming for Zero-CVE (Common Vulnerabilities and Exposures) strategies. The offering is available at no cost and aims to help customers accelerate the development and deployment of cloud-native applications across different environments.
The launch is intended to address software supply chain risks that often arise from container base images. According to Red Hat, these vulnerabilities can burden developers who have limited options for remediation. By providing pre-hardened images that are rigorously tested and optimized to reduce known security vulnerabilities at release, Red Hat seeks to give organizations a more secure starting point.
Gunnar Hellekson, vice president and general manager of Red Hat Enterprise Linux at Red Hat, said: “Modern infrastructure requires a balance between versatility and precision. With Red Hat Hardened Images, we’re providing a highly refined starting point for organizations that need to minimize their footprint without sacrificing the trust of the supply chain. Our goal is to cut through the security noise and give developers a foundation where they can build and scale without having to patch or manage software that their applications do not actually need.”
Katie Norton, research manager at IDC, also commented on the announcement: “Container base images are a concentrated point of software supply chain risk, and the vulnerabilities inherited from them often land on developers who have no direct path to remediate them. Red Hat Hardened Images is designed to provide a trusted, verifiable foundation for containerized workloads, intended to help teams meet compliance requirements while maintaining multi-cloud portability. This approach can help enterprises establish a secure default posture without sacrificing flexibility.”
Red Hat highlighted several features with this release: high-fidelity security signals achieved by removing non-essential components; streamlined CVE triage; standardized security profiles; built-in Software Bills of Materials (SBOMs); a distroless architecture that removes unnecessary tools; trusted application dependencies using verified packages; automated remediations that track upstream sources; and multi-cloud portability.
The company said that these new images will allow organizations’ security teams to focus only on relevant vulnerabilities while supporting regulatory requirements such as FIPS compliance. The catalog is now generally available.


