Learn when, where, and how to generate SBOMs for container images. Covers build-time vs. post-build approaches, quality criteria, and CI/CD integration.
Learn what a software bill of materials (SBOM) is, why it matters for supply chain security, how to generate one, and what formats and standards to use.
Docker Content Trust (DCT) and the Notary v1 service at notary.docker.io are being fully retired (first announced in July of 2025). This blog explains what is changing, who is affected, and how to move to modern alternatives.
AI is lowering the bar for supply chain attacks. Docker is joining the Athena alliance, a cross-industry effort to coordinate the defense of open source, building on our work to give every developer secure-by-default tools and our track record of ...
Learn the key software supply chain security best practices for container-based delivery, from trusted base images and dependency management to build provenance and runtime monitoring.
Learn what hardened container images are, how they reduce CVE exposure by removing unnecessary packages, and why they're becoming the standard for secure container deployments.