Red Hat delivers a minimal, distroless foundation that streamlines mission-critical AI workloads while establishing a new benchmark for supply chain integrity across the hybrid cloud

Red Hat, the world's leading provider of open source solutions, today announced the general availability of Red Hat Hardened Images. This no-cost catalog of trusted micro-sized components is designed to provide a resilient foundation for organizations pursuing Zero-CVE strategies. By providing a streamlined, security-focused starting point, Red Hat helps customers accelerate the development and deployment of cloud-native applications across any environment, from on-premises datacenters to public clouds.

What are Red Hat Hardened Images?

Red Hat Hardened Images is a catalog of essential container images designed for deployment across vendor-agnostic infrastructure, containing only the specific files required for an application to run. Built using Red Hat’s trusted software pipeline, these images are pre-hardened, rigorously tested for operational functionality and optimized to mitigate as many known security vulnerabilities as possible at the time of release.

Why this matters

Security teams are often overwhelmed by a constant stream of security alerts triggered by software that isn’t even necessary for the application to run. Red Hat Hardened Images removes the unnecessary software that can increase the risk of attack and creates this security noise. This minimalist approach provides a purpose-built path toward a Zero-CVE environment by offering several key benefits:

• High-fidelity security signals that remove non-essential software components so teams can focus on the vulnerabilities that actually impact their application.
• Streamlined CVE triage between developers and security by providing a verified and cleaner starting point for software builds.
• Standardized security profiles that apply pre-set configurations during the image creation process to support strict security certifications.
• Software supply chain trust with built-in Software Bill of Materials (SBOMs) provided in industry-standard formats for greater transparency.

What Red Hat and IDC are saying

"Modern infrastructure requires a balance between versatility and precision," said Gunnar Hellekson, vice president and general manager, Red Hat Enterprise Linux, Red Hat. "With Red Hat Hardened Images, we're providing a highly refined starting point for organizations that need to minimize their footprint without sacrificing the trust of the supply chain. Our goal is to cut through the security noise and give developers a foundation where they can build and scale without having to patch or manage software that their applications do not actually need."

“Container base images are a concentrated point of software supply chain risk, and the vulnerabilities inherited from them often land on developers who have no direct path to remediate them," said Katie Norton, research manager, IDC. “Red Hat Hardened Images is designed to provide a trusted, verifiable foundation for containerized workloads, intended to help teams meet compliance requirements while maintaining multi-cloud portability. This approach can help enterprises establish a secure default posture without sacrificing flexibility.”

Key takeaways

• Shift security earlier in the process so organizations can move security to the beginning of the development lifecycle with pre-validated images that meet regulatory requirements such as FIPS.
• Operational efficiency because smaller images with only necessary components help lead to easier accessibility, reduced resource consumption and fewer manual reviews of infrastructure-layer vulnerabilities.
• Verifiable supply chain trust through built-in digital inventories that offer a composition list for the images, providing transparency and easier reporting for compliance audits.

Deeper details

Red Hat Hardened Images are engineered to improve the security posture of modern applications without sacrificing portability. Application security strategies are only effective if the tools are actually functional. To support this, Red Hat Hardened Images encompass several core capabilities:

• Distroless architecture strips away command-line shells, package managers and other unnecessary tools to significantly reduce potential entry points for attackers.
• Trusted application dependencies allow users to pull hardened base images such as Python through Red Hat Trusted Libraries and populate them with verified, pre-built language packages to maintain a chain of trust from the base image through the application dependencies.
• Automated remediations where Red Hat tracks upstream sources to provide swift fixes for newly discovered security vulnerabilities so that the catalog remains current.
• Multi-cloud portability helps prevent vendor lock-in by providing a consistent operational experience across public clouds and on-premises infrastructure.

Availability

Red Hat Hardened Images are now generally available and can be accessed via the catalog.

Red Hat Summit

Join the Red Hat Summit keynotes live on YouTube to hear the latest from Red Hat executives, customers and partners:

• The next platform is choice — Tuesday, May 12, 8:30-10 a.m. EDT
• The AI-ready enterprise is here — Wednesday, May 13, 9-10 a.m. EDT

Learn more

• Learn more about Red Hat Summit
• See all of Red Hat’s announcements this week in the Red Hat Summit newsroom
• Follow @RedHatSummit or #RHSummit on X for event-specific updates

Connect with Red Hat

• Learn more about Red Hat
• Get more news in the Red Hat newsroom
• Read the Red Hat blog
• Follow Red Hat on X
• Follow Red Hat on Instagram
• Watch Red Hat videos on YouTube
• Follow Red Hat on LinkedIn

About Red Hat

Red Hat is the open hybrid cloud technology leader, delivering a trusted, consistent and comprehensive foundation for transformative IT innovation and AI applications. Its portfolio of cloud, developer, AI, Linux, automation and application platform technologies enables any application, anywhere—from the datacenter to the edge. As the world's leading provider of enterprise open source software solutions, Red Hat invests in open ecosystems and communities to solve tomorrow's IT challenges. Collaborating with partners and customers, Red Hat helps them build, connect, automate, secure and manage their IT environments, supported by consulting services and award-winning training and certification offerings.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.

Red Hat, Red Hat Enterprise Linux and the Red Hat logo are trademarks or registered trademarks of Red Hat, LLC or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

View source version on businesswire.com: https://www.businesswire.com/news/home/20260512703354/en/