Docker Verified Publisher: Trusted Sources, Trusted Content – Docker Blog


Six months since its launch at DockerCon, the Docker Verified Publisher program delivers on its promise to developers and partners alike

The Docker Verified Publisher program means trusted content and trusted sources for the millions of Docker users. At the May 2021 DockerCon, Docker announced its Secure Software Supply Chain initiative, highlighting Docker Verified Publisher as a key component of that trusted content. 

The trusted images in Docker Hub help development teams build secure software supply chains, minimizing exposure to malicious content early in the process to save time and money later. Docker allows developers to quickly and confidently discover and use images in their applications from known, trusted sources. 

Docker Verified Publisher partners join the trusted content Docker provides, along with Docker Official Images and the Docker Open Source program. In short, the Docker Verified Publisher program promises developers that the images they use are from the trusted software publisher. And a Docker Hub search shows trusted sources first.

Trusted images and software security are at the forefront of what the new Docker Business subscription tier offers, too. These trusted images can be allowed into large organizations – while preventing unverified, untrusted community images via the Docker Business Image Management features in the Docker Hub organization control plane. And of course, those trusted images include Docker Verified Publisher partners.

Dozens of software publishers have joined the Docker Verified Publisher program already, and more are poised to join before Docker’s new Docker Desktop license policies take effect (31 January 2022).

Docker Verified Publisher partners enjoy benefits such as:

  • Removal of rate limiting on all repos in the DVP partners’ namespace, providing a premium user experience: all Docker users, whether they have a Docker subscription or not, are be able to pull the partner’s images as much as they want
  • DVP badging on partner namespace and repos, indicating the trusted content and verified source (part of Docker’s Secure Software Supply Chain initiative)
  • Priority search ranking in Docker Hub 
  • Co-marketing opportunities including social shares, posts on the popular Docker blog, the exclusive right to sponsor DockerCon 2022,etc.
  • Inclusion as one of two trusted sources in the image access controls included in the Docker Business subscription tier, bringing essential security and management capabilities to larger Docker customers
  • Regular reporting to track key partner repo metrics such as pull requests, unique IP addresses, and more
  • And more benefits added regularly

To learn more and join the Docker Verified Publisher program, just email partners@docker.com or visit this page to contact us.




Source link