Formerly known as Wikibon

Docker Pushes Secure-by-Default Containers Into the Mainstream

Our industry research shows that over 90% of modern applications rely on open source components, and container images routinely bundle hundreds of dependencies, which makes the image layer one of the largest, least visible attack surfaces in the software supply chain. More than half of organizations also report experiencing at least one software supply chain security incident in the past year, reinforcing a simple reality: teams can’t keep treating secure base images as a “nice to have.” They need to become the default.

In this episode of AppDevANGLE, I spoke with Michael Donovan, VP of Product Management at Docker, about why container images have become the control point for supply chain security, what “hardened” should mean in day-to-day developer workflows, and why Docker is pushing toward secure-by-default foundations that reduce friction for developers and security teams alike. We also covered how this thinking extends into AI-era workloads, specifically MCP servers, and why Docker is applying supply chain security patterns to agent-based infrastructure before insecure defaults become the norm.

Container Images as the Choke Point in the Software Supply Chain

Mike anchored the discussion in two forces: open source has fueled massive innovation, but vulnerabilities now arrive daily, and container images are one of the most common pathways for open source to enter production environments.

“Because container images are… one of the main ways that open source software gets put into place into the supply chain,” Mike said, “that’s why we think container images themselves are such a great control point.”

From Docker’s perspective, being a steward of the container ecosystem comes with an obligation: raise the baseline so security becomes a default behavior rather than an optional add-on.

“We take responsibility for that ecosystem,” he said. “It’s our responsibility to make sure that the entire ecosystem is secure… secure by default.”

What “Hardened Images” Should Mean to Developers

A recurring theme was that the only security practices that scale are the ones developers can adopt without taking on a second full-time job. Mike emphasized that developers generally don’t want to make insecure choices; they just don’t have time to triage endless findings or become vulnerability specialists on top of delivering features.

“Security needs to always be something you do by default in order to actually have massive adoption,” he said. Docker’s goal with Hardened Images is to enable a “seamless migration to a more secure foundation” without turning secure-by-default into a painful process change.

This is where hardened base images matter most: they shift security decisions earlier, so teams don’t get to the end of a pipeline only to hit the “stop the line” moment where scanners surface tens of thousands (or more) of vulnerabilities late in the release cycle.

“When it happens at that point, it’s too late,” Mike said. “You’re already wasting cycles… it’s important to make those decisions much earlier.”
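One concrete way to move that decision earlier is a policy check that runs before the build rather than after the scan. The script below is an added example, not Docker’s code and not something discussed in the conversation: it parses a Dockerfile, follows multi-stage `FROM … AS` aliases back to the external image the final stage actually ships on, and fails if that image is not a digest-pinned image from an approved hardened namespace. The namespace `registry.example.com/hardened/`, the digest value and the sample Dockerfiles are constructed placeholders.

```python
"""Shift-left base-image policy check for Dockerfiles (added example).

Assumptions (not from the article or from Docker): the approved hardened
namespace is registry.example.com/hardened/ and a base image is acceptable
only if it lives there and is pinned by sha256 digest.
"""
import re
from dataclasses import dataclass

# Hypothetical approved namespace; substitute your organisation's own.
APPROVED_PREFIXES = ("registry.example.com/hardened/",)

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
ARG_RE = re.compile(r"^\s*ARG\s+(?P<name>[A-Za-z_][A-Za-z0-9_]*)(?:=(?P<value>.*))?\s*$")
VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}|\$([A-Za-z_][A-Za-z0-9_]*)")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


@dataclass
class Finding:
    line: int
    image: str
    reason: str


def _expand(ref, args):
    """Substitute ${VAR} / $VAR using ARG defaults declared before the first FROM."""
    return VAR_RE.sub(lambda m: args.get(m.group(1) or m.group(2), m.group(0)), ref)


def check_dockerfile(text):
    """Return Findings for the external image the final stage is built on.

    Stage aliases are followed, so `FROM build` in the last stage is judged by
    whatever image the `build` stage itself started from.
    """
    args = {}
    stages = []   # (line_no, image_ref, alias) in order of appearance
    aliases = {}  # lower-cased alias -> index into stages
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # comment or parser directive
        m = ARG_RE.match(raw)
        if m and not stages:  # only pre-FROM ARGs are visible to FROM
            args[m.group("name")] = (m.group("value") or "").strip()
            continue
        m = FROM_RE.match(raw)
        if m:
            image = _expand(m.group("image"), args)
            alias = m.group("alias")
            stages.append((n, image, alias))
            if alias:
                aliases[alias.lower()] = len(stages) - 1
    if not stages:
        return [Finding(0, "", "no FROM instruction found")]

    # Walk the final stage back through aliases to its external base image.
    idx = len(stages) - 1
    seen = set()
    while stages[idx][1].lower() in aliases and idx not in seen:
        seen.add(idx)
        idx = aliases[stages[idx][1].lower()]
    line_no, image, _ = stages[idx]

    findings = []
    if image.lower() == "scratch":
        return findings  # empty base: no OS layer to harden
    if not image.startswith(APPROVED_PREFIXES):
        findings.append(Finding(line_no, image, "base image is outside the approved hardened namespace"))
    if not DIGEST_RE.search(image):
        findings.append(Finding(line_no, image, "base image is not pinned by sha256 digest"))
    return findings


# Constructed sample Dockerfiles for demonstration only.
UNPINNED_PUBLIC = """\
FROM python:3.12-slim
COPY app.py /app/app.py
CMD ["python", "/app/app.py"]
"""

HARDENED_MULTISTAGE = """\
# syntax=docker/dockerfile:1
ARG BASE=registry.example.com/hardened/python:3.12@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
FROM $BASE AS build
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
FROM build AS runtime
COPY app.py /app/app.py
CMD ["python", "/app/app.py"]
"""

if __name__ == "__main__":
    for name, text in (("unpinned-public", UNPINNED_PUBLIC), ("hardened-multistage", HARDENED_MULTISTAGE)):
        findings = check_dockerfile(text)
        status = "PASS" if not findings else "FAIL"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  line {f.line}: {f.image}: {f.reason}")
```

Wired into a pre-commit hook or the first CI stage, a non-empty result stops the build minutes in rather than after a full scan at release time; only the digest-pinned, approved-namespace base survives, which is the “default” the conversation argues for.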

Why AI and MCP Servers Don’t Create “New” Supply Chain Problems

We also moved into the AI layer. The key point from Mike: many threats in agent workloads look like classic supply chain attacks, just amplified by speed, reuse, and automation.

“A lot of the problems in the agent workloads and MCP space are the same problems that we’ve been facing with supply chain security for over a decade,” he said.

Docker is applying the same foundation-first strategy to MCP infrastructure through:

  • An MCP server catalog on Docker Hub
  • Docker Hardened MCP servers, positioned as secure-by-default building blocks as agent adoption accelerates

The implication is important: as agents and AI tooling drive exponential growth in code and dependencies, the need for trusted, hardened foundations grows right alongside it.

Resetting the Baseline for 26M+ Developers

One of the biggest signals in the conversation was Docker’s intent to make hardened images the industry default rather than a gated enterprise feature. Mike framed the move as setting a new standard for container development across the ecosystem.

“By making Docker-hardened images free for everybody to use… we’re setting a new standard,” he said. “Security is not a right that only a few can get access to… it’s a right that every application developer should have.”

He also emphasized the licensing posture (Apache 2.0) so the ecosystem can adopt hardened base layers broadly. Docker’s ambition here is to make secure foundations so common that the industry can stop spending so much time debating CVE backlogs and instead innovate further up the stack.

“We’re all probably tired of talking about CVEs… Let’s make that a right,” Mike said. “We want the hardening to just be a default now.”

Control Back for Teams Managing Backlogs and End-of-Life Risk

A practical pain point for enterprises is the mismatch between open source lifecycle policies and real-world upgrade timelines. Organizations can’t always drop everything to jump versions, especially when dependencies roll forward on different schedules.

Docker’s answer is Extended Lifecycle Support (ELS) for Hardened Images, providing an additional five years past end-of-life so teams can upgrade on their own timeline without derailing their backlog.

“We want to give people the control back on when they do the upgrade,” Mike explained, so they don’t have to disrupt delivery just to keep up with upstream timelines. He also tied this into regulatory and compliance pressures (including the EU CRA discussion referenced in the conversation), where continuous support expectations are increasingly becoming table stakes.

Vendors, Open Source Publishers, and Enterprise Teams

Mike was explicit that Docker isn’t doing this alone. A meaningful part of the strategy is enabling publishers across Docker Hub to adopt hardened images as their base layer so the improvement cascades through the ecosystem.

“Nearly every one of them is looking for easier, faster, better ways to deliver secure defaults,” he said. “Now they have an option… to start building their open source projects on top of.”

This matters because the supply chain isn’t a single vendor’s problem; it’s an ecosystem problem. The direction here is that hardened-by-default becomes the shared foundation, and innovation moves to higher-order security capabilities rather than repeated debates over the same vulnerability backlog.

Analyst Take

This episode captures a strategic reset in container security: secure-by-default base images are moving from premium add-on to ecosystem baseline. That’s an important shift because it attacks the root cause of the “too many vulnerabilities, too late in the pipeline” cycle: insecure foundations and fragmented responsibility.

Three takeaways stand out:

  1. Images are the control point.
    If open source is the fuel of modern development, images are the delivery mechanism, and therefore, one of the most effective levers for reducing supply chain risk.
  2. Security has to be frictionless to scale.
    Developers will choose the more secure option when it’s easy, seamless, and doesn’t punish velocity. Hardened-by-default is a workflow design decision, not just a security feature.
  3. AI will amplify supply chain risk unless foundations improve.
    As agents generate more code and dependencies, the “default” matters more than ever. Extending hardening to MCP servers and agent infrastructure is a logical move to prevent insecure automation from becoming normalized.

The larger market implication is that container security is being commoditized at the base layer, creating pressure (and opportunity) for vendors to compete above the baseline with higher-value capabilities. For developers and platform teams, the win is simpler: fewer insecure defaults, fewer fire drills, and a more trustworthy starting point for everything from microservices to AI agents.
