Estimated reading time: 9 minutes
Permitted content and support options
Content that runs on Docker Enterprise may be published on Docker Hub under aVerified Publisher profile. This content may also qualify to become a DockerCertified Container or Plugin image, and thus become backed by collaborativeDocker/Publisher support.
Content that runs on the Docker Community may be published in Docker Hub, butis not supported by Docker nor is it eligible to become Certified.
Content that requires a non-Certified Infrastructure environment may not bepublished.
If your content: | Can publish | Can be Certified | Supported by publisher |
---|---|---|---|
Works on Docker Community | YES | NO | Optional |
Does not work on Docker Certified Infrastructure | NO | N/A | N/A |
We and third parties use cookies or similar technologies ('Cookies') as described below to collect and process personal data, such as your IP address or browser information. While designed for web development, the PHP scripting language also provides general-purpose use.
Onboarding
The Docker Hub publishing process begins from the landing page: sign in withyour Docker ID and specify a product name and image source from a private or public repository.
After specifying a source, provide the content-manifest items to populate yourproduct details page. These items include logos, descriptions, and licensing andsupport links so that customers can make informed decisions about your image.These items are submitted alongside the image itself for moderation.
The Docker Hub team then conducts a comprehensive review of your image andmetadata. We use Docker Security Scanning to evaluate the security of yourproduct images, and share results with you as the publisher. During theimage-moderation phase, we iterate back and forth with publishers to addressoutstanding vulnerabilities and content-manifest issues until the image is readyfor publication.
Commercial content and other supported images may qualify for the DockerCertified Container or Plugins quality mark. The testing for this program goesbeyond the vulnerability scan and also evaluates container images for Dockerbest practices developed over years of experience. Collaborative supportcapability between Docker and the publisher is also established. Refer to thediagram below for a high-level summary:
Create great content
Create your content, and follow our best practices to Dockerize it. Keep yourimages small, your layers few, and your components secure. Refer to the linksand guidelines listed below to build and deliver great content:
Here are some best practices when it comes to building vulnerability-free Docker images:
Choose a secure base image (See your Dockerfile’s FROM:
directive)
Many base images have a strong record of being secure, including:
DebianLinux: both small and tightly-controlled, Debian-linux is a good alternativeif you’re currently using Ubuntu.
Alpine Linux:Alpine is a minimal linux distribution with an excellent security record.
Alpine-based application images: these include
python:alpine
,ruby:alpine
,andgolang:alpine
. They are secure and minimal, while providing theconvenience of their non-Alpine alternatives.
Docker strongly recommends Alpine Linux. The founder of this Linux distributionis leading an initiative at Docker to provide safe, compact base images for allcontainer applications.
Remove unused components
Often, vulnerabilities exist in components that aren’t actually used in thecontainerized application. To avoid this, you can:
Follow best practices when using the
apt-get
command.Run
apt-get-remove
to destroy any components required to build but notactually run your application. Usually, this involves creating multi-lineDockerfile directives, as seen below. The following example shows how to removecurl
andpython-pip
after they are used to install the Pythonrequests
package, all in a single Dockerfile directive:
Files introduced in one directive of your Dockerfile can only be removed inthe same directive (and not in subsequent directives in your Dockerfile).
Keep required components up-to-date
Your images are composed of open-source libraries and packages that amassvulnerabilities over time and are consequently patched. To ensure the integrityof your product, keep your images up-to-date:
Periodically update your base image’s version, especially if you’re using aversion deemed to be vulnerable.
Re-build your image periodically. Directives including commands such as
apt-get install ...
pull the latest versions of dependencies, which mayinclude security fixes.
Create and maintain your Verified Publisher profile
Let the Docker community know who you are. Add your details, your companystory, and what you do. At the very minimum, we require:
- Legal entity name
- Company website
- Phone number
- Valid company email
- Company icon/logo (square; at least 512x512px)
Prepare your image-manifest materials
You must provide the namespace (including repository and tags) of a private or publicrepository on Docker Hub that contains the source for your product.This repository path is not shown to users, but the repositories you choosedetermine the Product Tiers available for customers to download.
The following content information helps us make your product look great anddiscoverable:
- Product Name
- Product icon/logo
- Short description: a one-to-two-sentence summary; up to 140 characters
- Category: Database, Networking, Business Software, etc. and any search tags
- Long description: includes product details/pitch
- Screenshot(s)
- Support link
- Product tier name
- Product tier description
- Product tier price
- Installation instructions
- Link to, or text of, license agreements
Download Dockerfile From Docker Hubspot
How the manifest information is displayed in the UI
This is an approximate representation, and some elements might shift around as we make enhancements.
Support your users
Docker users who download your content might need helplater, so be prepared for questions! The information you provide with yoursubmission saves support time in the future.
Support information
If you provide support along with your content, include that information. Isthere a support website? What email address can users contact for help? Arethere self-help or troubleshooting resources available?
Support SLA
Include a Service Level Agreement (SLA) for each image you’re offering. An SLA is your commitment to your users about the nature and level ofsupport you provide to them. Make sure your SLA includes support hours andresponse-time expectations, where applicable.
Security and audit policies
Docker Hubaudits consumer activity of your images to provideyou intelligence about the use of your product.
Usage audit and reporting
Unless otherwise negotiated, an audit of activity on publisher content isretained for no less than 180 days.
A monthly report of said activity is provided to the publisher with thefollowing data: (1) report of content download by free and paid customers bydate and time; (2) report of purchase, cancellations, refunds, tax payments,where applicable, and subscription length for paid customers of the content; and(3) the consolidated amount to be received by the publisher.
Certification
There are three types of certification that appear in Docker Hub.
Certifies that a container image on Docker Hub has been tested; complies bestpractices guidelines; runs on Docker Certified Infrastructure; has provenprovenance; been scanned for vulnerabilities; and is supported by Docker and thecontent publisher
This certification is designed for volume, network, and other plugins thataccess system level Docker APIs. Docker Certified Plugins provide the same levelof assurance as a Docker Certified Container, but go further by having passed anadditional suite of API compliance testing.
Docker Certified Publisher FAQ
What is the Docker Certified program?
Docker Certified Container images and plugins are meant to differentiate highquality content on Docker Hub. Customers can consume Certified Containers withconfidence knowing that both Docker and the publisher stands behind thesolution. Further details and an application can be found here..
What are the benefits of Docker Certified?
Docker Hub promotes Docker Certified Containers and Plugins running on DockerCertified Infrastructure trusted and high quality content. The Docker Certified badgecan also be listed alongside external references to your product.
How is support handled?
All Docker Certified Container images and plugins running on Docker Enterprise come with support provided directly by the publisher, under your existing SLA.Normally, a customer contacts the publisher for container and application levelissues. Likewise, a customer contacts Docker for Docker Enterprise support. In thecase where a customer calls Docker (or vice versa) about an issue on theapplication, Docker advises the customer about the publisher support process andperforms a handover directly to the publisher if required. TSAnet is requiredfor exchange of support tickets between the publisher and Docker.
How does a publisher apply to the Docker Certified program?
Start by applying to be a Docker TechnologyPartner
What is the difference between Official Images and Docker Certified?
Official Images is a program sponsored by Docker for the curation and packaging of Open Source Software. While upstream vendors are sometimes involved, this is not always the case. Docker Certified content is explicitly provided, maintained, and supported directly by the ISV.
How is certification of plugins handled?
Docker Certification program recognizes the need to apply special scrutiny andtesting to containers that access system level interfaces like storage volumesand networking. Docker identifies these special containers as “Plugins” whichrequire additional testing by the publisher or Docker.