Why MicroVMs: The Architecture Behind Docker Sandboxes
Docker announced Docker Sandboxes, a microVM‑based solution that isolates each AI coding agent in its own lightweight virtual machine. The architecture couples a dedicated microVM with a private Docker daemon, delivering full docker build, run, and compose capabilities without host‑level privileges. To achieve cross‑platform support, Docker built a new VMM that runs natively on macOS, Windows and Linux using each OS’s native hypervisor, eliminating translation layers and enabling near‑instant cold starts. The result is VM‑grade security with developer‑grade speed, allowing teams to run autonomous agents safely at scale.
Why We Chose the Harder Path: Docker Hardened Images, One Year Later
One year after launching Docker Hardened Images (DHI), Docker reports over 500,000 daily pulls and more than one million builds, with a catalog exceeding 2,000 hardened images, Helm charts, and system packages across Debian and Alpine. The DHI Community tier...
Reclaim Developer Hours Through Smarter Vulnerability Prioritization with Docker and Mend.io
Mend.io has integrated with Docker Hardened Images (DHI) to deliver a zero‑configuration solution that automatically distinguishes base‑image vulnerabilities from application‑layer risks. By leveraging Docker’s VEX (Vulnerability Exploitability eXchange) data, the platform filters out non‑exploitable and unreachable CVEs, allowing developers to...
Docker Offload Now Generally Available: The Full Power of Docker, for Every Developer, Everywhere.
Docker announced Docker Offload is now generally available, moving the Docker engine to a fully managed cloud service. The shift lets developers run Docker Desktop in VDI, locked‑down laptops, and other restricted environments without changing workflows or UI. Offload offers...
How to Run Claude Code with Docker: Local Models, MCP Servers, and Secure Sandboxes
Docker now enables developers to run Claude Code locally, connect it to external tools, and sandbox its actions. Using Docker Model Runner, Claude Code accesses an Anthropic‑compatible API, giving full control over data, infrastructure, and spending. The Docker MCP Toolkit...
Flexibility Over Lock-In: The Enterprise Shift in Agent Strategy
According to Docker’s State of Agentic AI survey of 800+ developers, 95% now view building AI agents as a strategic priority and have moved beyond pilots to early production. Enterprises are rapidly adopting multi‑model and multi‑cloud architectures, with 61% combining...
Celebrating Women in AI: 3 Questions with Cecilia Liu on Leading Docker’s MCP Strategy
Docker’s Model Container Platform (MCP) Catalog and Toolkit, overseen by senior product manager Cecilia Liu, offers a container‑based solution for discovering, configuring, and scaling AI model servers. The product bundles in‑product setup guides, role‑based access controls, audit logging and custom...
Announcing Docker Hardened System Packages
Docker announced Docker Hardened System Packages, extending its Docker Hardened Images (DHI) security model to individual OS packages. The offering adds more than 8,000 hardened Alpine packages with Debian support slated soon, and maintains Docker’s SLSA Level 3 build pipeline and...
How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)
Medplum, an open‑source headless EHR serving over 20 million patients, migrated its production containers to Docker Hardened Images (DHI) with just 54 lines of code changes across five files. The switch replaced custom hardening scripts with Docker’s secure‑by‑default base images, eliminating...
Running NanoClaw in a Docker Shell Sandbox
Docker Sandboxes introduced a new "shell" sandbox type that provides an interactive Ubuntu microVM with preinstalled development tools. The guide demonstrates running the Claude‑powered NanoClaw WhatsApp assistant inside this sandbox, isolating its filesystem and credentials. By mounting only a workspace...