mirror/docker-docs
1
0
Fork 0
mirror of https://github.com/docker/docs.git synced 2026-06-19 07:35:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
docker-docs/content/guides/lab-dhi-node.md
T
Michael Irwin b09c10066f Couple of minor adjustments based on PR feedback
2026-04-02 14:50:06 -04:00

2.7 KiB
Raw Permalink Blame History

title, linkTitle, description, summary, keywords, params
title linkTitle description summary keywords params
Lab: Migrating a Node App to Docker Hardened Images Lab: Migrating to DHI (Node) Migrate a Node.js application from a standard base image to Docker Hardened Images. Use Docker Scout to analyze CVEs, compare images, and inspect supply chain attestations. Hands-on lab: Replace a Node.js base image with a Docker Hardened Image. Analyze CVEs with Docker Scout, rewrite the Dockerfile to use multi-stage builds with DHI, and explore SBOMs, VEX, and compliance attestations. Docker, Hardened Images, DHI, Node.js, Docker Scout, CVE, security, SBOM, lab, labspace
tags time resource_links
labs
dhi
30 minutes
title url
Docker Hardened Images /dhi/
title url
Docker Scout docs /scout/
title url
Build attestations /build/metadata/attestations/
title url
Labspace repository https://github.com/dockersamples/labspace-dhi-node

Migrate a Node.js application from a standard node:24-trixie-slim base image to a Docker Hardened Image. You'll measure the before-and-after impact on CVE count, image size, and policy compliance using Docker Scout, then explore the supply chain attestations DHI ships with every image.

Launch the lab

{{< labspace-launch image="dockersamples/labspace-dhi-node" >}}

What you'll learn

By the end of this Labspace, you will have completed the following:

  • Analyze a Node.js container image with Docker Scout to identify CVE and policy failures
  • Rewrite a Dockerfile to use a multi-stage build with DHI dev and runtime variants
  • Compare image size and vulnerability counts before and after the migration
  • Inspect supply chain attestations included with Docker Hardened Images (SBOMs, SLSA, VEX)
  • Export VEX documents for integration with external scanners such as Grype or Trivy

Modules

# Module Description
1 Introduction Overview of Docker Hardened Images and their security benefits
2 Setup Perform setup tasks required for the lab.
3 Analyzing the Starting Image Build the app, scan it with Docker Scout, and review failing policies
4 Migrating to DHI Rewrite the Dockerfile with multi-stage DHI build and compare results
5 DHI Attestations and Scanner Integration Inspect SBOMs, FIPS attestations, STIG scans, and export VEX for external tools
Reference in New Issue View Git Blame Copy Permalink