Trusted content
Docker Hub's trusted content provides a curated selection of high-quality, secure images designed to give developers confidence in the reliability and security of the resources they use. These images are stable, regularly updated, and adhere to industry best practices, making them a strong foundation for building and deploying applications. Docker Hub's trusted content includes, Docker Official Images, Verified Publisher images, and Docker-Sponsored Open Source Software images.
Docker Official Images
The Docker Official Images are a curated set of Docker repositories hosted on Docker Hub.
Docker recommends you use the Docker Official Images in your projects. These
images have clear documentation, promote best practices, and are regularly
updated. Docker Official Images support most common use cases, making them
perfect for new Docker users. Advanced users can benefit from more specialized
image variants as well as review Docker Official Images as part of your
Dockerfile
learning process.
メモ
Use of Docker Official Images is subject to Docker's Terms of Service.
These images provide essential base repositories that serve as the starting point for the majority of users.
These include operating systems such as Ubuntu and Alpine, programming language runtimes such as Python and Node, and other essential tools such as memcached and MySQL.
The images are some of the most secure images on Docker Hub. This is particularly important as Docker Official Images are some of the most popular on Docker Hub. Typically, Docker Official images have few or no packages containing CVEs.
The images exemplify Dockerfile best practices and provide clear documentation to serve as a reference for other Dockerfile authors.
Images that are part of this program have a special badge on Docker Hub making it easier for you to identify projects that are part of Docker Official Images.
Supported tags and respective Dockerfile links
The repository description for each Docker Official Image contains a Supported tags and respective Dockerfile links section that lists all the current tags with links to the Dockerfiles that created the image with those tags. The purpose of this section is to show what image variants are available.
Tags listed on the same line all refer to the same underlying image. Multiple
tags can point to the same image. For example, in the previous screenshot taken
from the ubuntu
Docker Official Images repository, the tags 24.04
,
noble-20240225
, noble
, and devel
all refer to the same image.
The latest
tag for a Docker Official Image is often optimized for ease of use
and includes a wide variety of useful software, such as developer and build tools.
By tagging an image as latest
, the image maintainers are essentially suggesting
that image be used as the default. In other words, if you do not know what tag to
use or are unfamiliar with the underlying software, you should probably start with
the latest
image. As your understanding of the software and image variants advances,
you may find other image variants better suit your needs.
Slim images
A number of language stacks such as
Node.js,
Python, and
Ruby have slim
tag variants
designed to provide a lightweight, production-ready base image
with fewer packages.
A typical consumption pattern for slim
images is as the base image for the final stage of a
multi-staged build.
For example, you build your application in the first stage of the build
using the latest
variant and then copy your application into the final
stage based upon the slim
variant. Here is an example Dockerfile
.
FROM node:latest AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . ./
FROM node:slim
WORKDIR /app
COPY --from=build /app /app
CMD ["node", "app.js"]
Alpine images
Many Docker Official Images repositories also offer alpine
variants. These
images are built on top of the
Alpine Linux
distribution rather than Debian or Ubuntu. Alpine Linux is focused on providing
a small, simple, and secure base for container images, and Docker Official
Images alpine
variants typically aim to install only necessary packages. As a
result, Docker Official Images alpine
variants are typically even smaller
than slim
variants.
The main caveat to note is that Alpine Linux uses musl libc instead of glibc. Additionally, to minimize image size, it's uncommon for Alpine-based images to include tools such as Git or Bash by default. Depending on the depth of libc requirements or assumptions in your programs, you may find yourself running into issues due to missing libraries or tools.
When you use Alpine images as a base, consider the following options in order to make your program compatible with Alpine Linux and musl:
- Compile your program against musl libc
- Statically link glibc libraries into your program
- Avoid C dependencies altogether (for example, build Go programs without CGO)
- Add the software you need yourself in your Dockerfile.
Refer to the alpine
image
description on
Docker Hub for examples on how to install packages if you are unfamiliar.
Codenames
Tags with words that look like Toy Story characters (for example, bookworm
,
bullseye
, and trixie
) or adjectives (such as focal
, jammy
, and
noble
), indicate the codename of the Linux distribution they use as a base
image. Debian release codenames are
based on Toy Story characters,
and Ubuntu's take the form of "Adjective Animal". For example, the
codename for Ubuntu 24.04 is "Noble Numbat".
Linux distribution indicators are helpful because many Docker Official Images
provide variants built upon multiple underlying distribution versions (for
example, postgres:bookworm
and postgres:bullseye
).
Other tags
Docker Official Images tags may contain other hints to the purpose of their image variant in addition to those described here. Often these tag variants are explained in the Docker Official Images repository documentation. Reading through the "How to use this image" and "Image Variants" sections will help you to understand how to use these variants.
Verified Publisher images
The Docker Verified Publisher program provides high-quality images from commercial publishers verified by Docker.
These images help development teams build secure software supply chains, minimizing exposure to malicious content early in the process to save time and money later.
Images that are part of this program have a special badge on Docker Hub making it easier for users to identify projects that Docker has verified as high-quality commercial publishers.
Docker-Sponsored Open Source Software images
The Docker-Sponsored Open Source Software (OSS) program provides images that are published and maintained by open-source projects sponsored by Docker.
Images that are part of this program have a special badge on Docker Hub making it easier for users to identify projects that Docker has verified as trusted, secure, and active open-source projects.