Docker

Docker Hardened Images Are Now Free: What This Means for Developers and Platform Teams

by

Last week Docker made a big move for the container ecosystem. Docker Hardened Images (DHI) are now free and open source, making secure container foundations accessible to everyone.

If you build, deploy, or operate containerized workloads, this is one of those changes that quietly but meaningfully improves day to day security and reliability.

Let’s break down what Docker Hardened Images are, why they matter, and how you can start using them today.

What Are Docker Hardened Images?

Docker Hardened Images are base container images that come pre-hardened for security and transparency. Instead of starting from a generic base image and layering on your own security practices, DHI gives you a safer starting point out of the box.

They are designed to reduce common container risks without adding operational overhead or complexity.

In practical terms, this means Docker has already done the work many teams struggle to keep up with.

What You Get Out of the Box

When you use Docker Hardened Images, your base images now:

  • Include automated security metadata
  • Are minimalist and optimized for faster builds and startup times
  • Contain significantly fewer known vulnerabilities (CVEs) from the start
  • Are fully free and open source

This shifts container security left, right to the foundation of your application images.

There still is a paid version of Docker Hardened Images for those that have enterprise needs. Here is a breakdown of what you get with the Free Docker Hardened Images and the Paid version.

Why This Is a Big Deal

Most container vulnerabilities originate from base images. Teams often inherit outdated packages, unused libraries, or poorly maintained dependencies without realizing it.

Docker Hardened Images help address that by:

  • Reducing the attack surface before you write any application code
  • Improving transparency into what is inside your images
  • Lowering the burden on platform and security teams
  • Making secure defaults accessible even to small teams and solo developers

Security becomes the baseline rather than an afterthought.

Read more

My First Docker Captain Summit Experience

by

As many of you know, I was honored to be named a Docker Captain earlier this year (2025). This week, I had the incredible opportunity to attend my very first Docker Captain Summit, and what an experience it was.

The event reminded me a bit of the Microsoft MVP Summit, but with even closer access to the Docker product teams across multiple areas. Every year, the Captain Summit takes place in a different location, bringing together Docker staff from product groups, community management, marketing, and DevRel, along with fellow Docker Captains from around the world.

At the summit, we got an inside look at Docker’s roadmap and were among the first to learn about upcoming products and initiatives. We also had the opportunity to provide direct feedback to the product teams, helping shape the future of Docker from the community’s perspective.

This year’s summit was held in Istanbul, and it was a fantastic few days of connecting with so many brilliant people. I finally met in person several Docker staff members and Captains I’ve been collaborating with online. It was also a chance to reunite with friends from Microsoft and the MVP community.

Of course, not everything we discussed can be shared publicly because of NDAs, but I can tell you that we all walked away with some exciting insights and some awesome Docker swag.

Read more

Im Speaking at BITCON 2025 – Easiest Way to Run LLMs Locally: Meet Docker Model Runner

by

🎤 I’m excited to share that I’ll be returning to BITCON in a week! I will be speaking at BITCON 2025, a gathering focused on Black voices in technology, innovation, and community. You can check out the full speaker lineup here: BITCON 2025 Speakers. The conference this year is virtual and its free. You can check out the site here: https://bitcon.blacksintechnology.net

The conference has a ton of great speakers lined up from some of the largest tech companies such as Google, Microsoft, and more. And to top it off the keynote this year is Kelsey Hightower! You dont want to miss this one.

My Session: “The Easiest Way to Run LLMs Locally: Meet Docker Model Runner”
Docker Captain: Steve Buchanan DMR session

At BITCON, I’ll be presenting “The Easiest Way to Run LLMs Locally: Meet Docker Model Runner”. In this session, I’ll look at:

  • Why run LLMs locally? The benefits in terms of cost, privacy, latency, and control
  • How Docker Model Runner simplifies things — containerizing large models, managing dependencies, and lowering friction
  • Demo and walkthrough — showing you step by step how to get a model up and running on your own machine or server
  • Best practices, pitfalls, and tips — what I’ve learned building and deploying these systems
  • Q&A / hands-on help — to get you started with your own setup

My goal is that attendees leave with a concrete, reproducible process they can apply right away.

Why It Matters

Large language models (LLMs) are powerful, but running them locally has often felt out of reach for smaller teams, indie devs, or people in resource-constrained environments. With the right tooling (like Docker Model Runner), we can lower that barrier—unlocking more experimentation, more privacy, and more control over where and how inference happens.

I believe this aligns well with the mission of BITCON: elevating voices, demystifying advanced tech, and making it accessible. I hope this talk helps bridge a gap for folks who want to explore AI locally without getting lost in infrastructure.

I am excited to be speaking at BITCON again. To learn more about my session check it out here:

BITCon Session: The Easiest Way to Run LLMs Locally: Meet Docker Model Runner

BITCON is free! Be sure to register today: HERE

Read more

Recent Blog Posts: MCP Servers, Dev, Multi-cloud Mastery, and Cloud Engineer Resumes

by

This is a shorter post, but I wanted to take a moment to share what I’ve been working on lately. Over the past few months I’ve been publishing a steady stream of blog posts on Pluralsight, covering topics across cloud, AI, JavaScript, and beyond. There’s a lot happening in tech right now, and I’ve been fortunate to collaborate with the Pluralsight team to dive into some of these exciting areas:

Check out an overview the blog posts and use the the following links to read more:

Behind the Buzzword: What is MCP (MCP Server)?
A breakdown of MCP servers and why they matter in the evolving landscape of AI.
👉 Read the post

How to Run an LLM Locally on Your Desktop
Exploring why and how you might want to run a large language model on your own machine, with a closer look at Docker Model Runner.
👉 Read the post

What to Emphasize on Your Resume as a Cloud Engineer
Tips on showcasing the skills that make cloud engineers stand out in today’s job market.
👉 Read the post

Multicloud Mastery: How to Train Teams in AWS, Azure, and GCP
Practical advice on enabling engineering teams to work across multiple clouds with confidence.
👉 Read the post

6 Cloud Cost Optimization Strategies and Tools for AWS, Azure, and GCP
A set of proven strategies and tools to help control and reduce cloud spend.
👉 Read the post

How to Add User Authentication to Your JavaScript App
A straightforward guide to securing your JavaScript applications with simple authentication techniques.
👉 Read the post

I’ll be continuing to publish more content in the months ahead, so stay tuned for future posts on cloud-native engineering, AI, and practical developer skills. If you found these articles useful, I’d love for you to check them out and share them with your network.

Read more

Docker Model Runner Blog Post

by

I’ve been spending a lot of time blogging on Pluralsight lately, and one of my recent posts covered a topic I’m genuinely excited about: running large language models (LLMs) locally. Specifically, I explored a tool called Docker Model Runner that makes this process more accessible for developers.

In the post, I broke down a few key ideas.

Why Run an LLM Locally

There’s a lot of momentum around cloud-hosted AI services, but running models locally still has its place. For many developers it means more control, quicker experimentation, and the ability to work outside of a cloud provider’s ecosystem.

Tools in This Space

Before zeroing in on Docker Model Runner, I broke down other ways developers are running models locally. The landscape is quickly evolving, and each tool has trade-offs in terms of usability, performance, and compatibility with different models.

Why Docker Model Runner

What really stood out to me with Docker Model Runner is how it lowers the barrier to entry. Instead of wrestling with environment setup, dependencies, and GPU drivers, you can pull down a container and get straight to experimenting. It leans into Docker’s strengths of portability and consistency, so whether you’re on a desktop, laptop, or even testing in a lab environment, the experience is smooth and repeatable.

For developers who are curious about LLMs but don’t want to get bogged down in infrastructure, this tool is a great starting point.

If you want the full breakdown and step-by-step details, you can check out my Pluralsight blog here:
👉 https://www.pluralsight.com/resources/blog/ai-and-data/how-run-llm-locally-desktop

Read more

First Docker.com Blog Post – Using Gordon (AI) to Containerize Your Apps and Work with Containers

by

I’m excited to share that my first official blog post as a Docker Captain has been published on the Docker blog! It’s an honor to contribute to a platform that’s been so foundational in shaping how we build, ship, and run applications today. This first piece dives into Ask Gordon, Docker’s new AI assistant that helps developers go from source code to a running container with less friction and guesswork.

In the post, I walk through how Ask Gordon makes it easier to containerize your applications, even if you’ve never written a Dockerfile before. By analyzing your source code and asking a few smart questions, Ask Gordon generates everything you need to build and run your app in a containerized environment. It’s good for beginners getting started with containers and equally valuable for experienced devs looking to speed up repetitive setup tasks.

One of the things I appreciated most about Ask Gordon is how it bridges the gap between the developer’s intent and the actual container configuration. Rather than copy-pasting snippets from docs or Stack Overflow, the AI gives you context-aware Dockerfiles, Compose files, and clear next steps for your app. It’s a great example of how AI can elevate the developer experience without overcomplicating things.

This is just the beginning of my journey as a Docker Captain, and I’m looking forward to sharing more tutorials, insights, and real-world use cases that can help developers simplify their container workflows. If you haven’t checked it out yet, give my new post a read here:
👉 Containerize Your Apps with Ask Gordon

A big thanks to the Docker team for the warm welcome and opportunity!

Read more

Officially a Docker Captain!

by

I’m excited to share some exciting news I’ve officially been recognized as a Docker Captain 🐳!

You can find my Docker Captain profile on the Docker.com website here: https://www.docker.com/captains/steve-buchanan

For those unfamiliar, Docker Captains are a group of handpicked technology leaders who are passionate about Docker and the broader container ecosystem. The program highlights community members who are not only technically sharp but also deeply committed to sharing their knowledge and supporting others in the community. I am honored to join this community of 163 captains globally and 34 in the US. This award is similar to the Microsoft MVP award. The award is annually based.

Being named a Docker Captain is a huge honor. This recognition means a lot to me especially because it’s not just about what you know, but how give back to the community and share with others. Whether it’s speaking at conferences, creating tutorials, helping others get started, or experimenting with the latest container tools, it’s about lifting the community up together!

What This Means

As a Docker Captain, I’ll have access to:

  • Private product briefings with Docker engineers and insiders.
  • Early previews of tools, templates, and content.
  • A private Slack group with other Captains around the world.
  • The opportunity to share what I create with a wider audience through Docker’s channels.
  • A chance to meet the Docker product groups and other Captains once a year.
  • And of course… exclusive Docker swag 😎.

They already sent some cool swag in the welcome package:

But above all, it’s about continuing to give back. I’ve always believed in sharing what I know and helping others level up in tech, and this just fuels that mission even more.

What’s Next

I’ll be using my blog and other platforms to

  • Publish more Docker and container content here.
  • Share real world use cases from the trenches.
  • Highlight new and lesser known tools in the Docker ecosystem (like Ask Gordon/Docker AI, which I recently blogged about).
  • Collaborate with the global Captain crew on exciting community initiatives.

Stay tuned for more. And if you’re just starting your Docker journey, or deep into production workloads, I’d love to hear from you. Let’s connect, collaborate, and continue building awesome things, one container at a time.

A special shout out to Shelley Benhoff and Eva Bojorges for helping with this with award and opportunity! Also thanks to Docker for the warm welcome and to everyone in the community who’s been part of this journey so far. 🚢

Read more

My 9th Book – The Modern Developer Experience Published on O’Reilly!

by

I’m thrilled to share that my latest book, The Modern Developer Experience (ISBN: 9781098169695), is now available on O’Reilly! 🎉It is a shorter book known as a report with 4 chapters total. You can read the book on O’Reilly’s learning platform.

I am excited about this book because in today’s fast-paced tech world, developers don’t just write code, they navigate cloud platforms, cloud native tools and frameworks, integrate AI, automate workflows, and collaborate across teams to drive innovation. This book is a deep dive into the evolving role of developers and how modern tools, frameworks, and methodologies are shaping the future of software engineering.

Here is the offical book description:

DevOps has delivered transformative changes to tooling and processes, but with it comes new layers of complexity. More modern frameworks and tools, like containers, Docker, Kubernetes, Platform Engineering, GitOps, and AI can accelerate development, but understanding their unique challenges (and how to address them effectively) can make the difference between a team that struggles and one that thrives.

This report explores how organizations can improve the developer experience (DevEx) by reducing complexity, streamlining workflows, and fostering supportive environments. Whether your organization is deeply invested in DevOps or simply looking to improve team performance, this report highlights strategies to elevate your development practices and outcomes.

Here are the chapters:
1. The Modern Developer Experience

2. Raising the Bar, Providing the Right Developer Environment

3. Using AI to Enhance DevEx

4. Developer Experience and the Secure Supply Chain

📖 Whether you’re a developer, team lead, or engineering manager, this book will help you refine your processes and create an environment where developers can thrive.

🔗 Check it out here: The Modern Developer Experience on O’Reilly

Read more

Azure Friday: Safeguard your containerized workloads using AKS backupAzure Friday:

by

I am happy to share a new episode of Azure Friday. It was an honor to appear along side Senior Product Manager Rajat Shrivastava in this episode to talk about AKS Backup. I this episode we joined Scott Hanselman to explore the functionality of AKS backup in safeguarding containerized apps and their data on AKS.

Backup is frequently overlooked, only gaining significance when a failure necessitates recovery. In the realm of Containers and Kubernetes, it is often perceived as unnecessary. However, the reality is that backups are essential even for containerized environments. Microsoft has introduced a backup solution for Azure Kubernetes Service (AKS) and its workloads, leveraging Azure Backup.

In this episode we dove into the importance of backing up containers, even when they are predominantly stateless. The episode sheds light on why safeguarding containers is crucial and provides insights into the workings of AKS backup in ensuring the protection of workloads running on AKS.

In the episode we also explore questions you may have about backing up K8s and we dive into demos showing how to protect AKS with AKS backup and how to do a restore. We even took time to answer this common question “Do I really need to backup my K8s cluster if I am running stateless apps & have everything in code i.e. IaC, CI/CD, or GitOps?”. The answer is yes. In fact one should think of it this way: “GitOps & K8s Backup are like Seatbelts & Airbags”. Here is a graphic to break this down further:

You can check out the episode here:

Addtional resources on AKS and AKS Backup:
■ Backup for AKS: Cloud native, Enterprise ready, Kubernetes aware backup – https://aka.ms/azfr/766/01
■ What is Azure Kubernetes Service backup? – https://aka.ms/azfr/766/02
■ Cluster extensions – https://aka.ms/azfr/766/03
■ Prerequisites for Azure Kubernetes Service backup using Azure Backup – https://aka.ms/azfr/766/04
■ Create a Pay-as-You-Go account (Azure) – https://aka.ms/azfr/766/payg
■ Create a free account (Azure) – https://aka.ms/azfr/766/free

Read more

From SysAdmin to Platform Engineer with Steve Buchanan on RunAsRadio

by

I was recently a guest on the RunAsRadio podcast. This was the second time being on the show. The last time was 4 years ago. You can catch the old episode here: Terraform vs Bicep/ARM with Steve Buchanan.

This new episode is #924 and is titled: “From SysAdmin to Platform Engineer with Steve Buchanan“. On this new episode we talked about Platform Engineering and a bunch of other stuff.

Here is the description from the episode:

Aren’t we all platform engineers? Steve Buchanan says yes!

But there’s more to it. Steve talks about the mindset of looking beyond individual products that we might have skills with and owning the entire problem of providing platforms for your organization to get work done.

The conversation dives into the many products that can help our applications function better and the challenge of making them secure and fast. Are containers the solution? Possibly!

It’s your platform; focus on the fundamentals and go further!

I had a great time chatting with Richard and we didn’t even mention AI until 40 minutes in. haha

You can check out the episode here:

https://runasradio.com/Shows/Show/924

or here:

Read more