More The Changelog: Software Development, Open Source episodes

Setting Docker Hardened Images free (Interview)

Published 4 Feb 2026

Duration: 1:16:49

Docker launches initiative to improve supply chain security through open-sourced, hardened images and transparency standards.

Episode Description

In May of 2025, Docker launched Hardened Images, a secure, minimal, production-ready set of images. In December, they made DHI freely available and op...

Overview

The podcast covers Docker's efforts to improve supply chain security by open-sourcing its Hardened Images, which are minimal container images intended to reduce security risks and streamline development processes. It addresses the increasing prevalence of supply chain attacks and outlines Docker's strategy to counter them using transparency standards such as SBOM (Software Bill of Materials), SLSA (Supply-chain Levels for Software Artifacts), and VEX (Vulnerability Exploitability eXchange). These standards aim to ensure reproducible builds, better vulnerability tracking, and secure content delivery, providing a more trustworthy foundation for container-based applications.

Docker plans to offer free access to Hardened Images for open-source projects and developers, while also providing enterprise-level features to meet compliance and advanced security requirements. The initiative includes the development of a custom build system that adheres to SLSA guidelines, enforcing secure defaults in configurations, and promoting security as an integral part of the software development lifecycle. The conversation also notes Docker's expanding role in AI and agent-based workflows, with new runtime security features and isolation mechanisms designed to enhance security in these emerging areas.
