Documentation
Open Cloudsmith

Integrations

Integrating with Docker Hardened Images

How to integrate with Docker Hardened Images using Cloudsmith

Docker Hardened Images (DHI), are minimal, secure, and production-ready container base and application images maintained by Docker. Designed to reduce vulnerabilities and simplify compliance, DHI integrates easily into your existing Docker-based workflows with little to no retooling required.

You can retrieve these images through Cloudsmith by enabling an upstream to DHI.

Docker offers both a free tier registry (dhi.io) containing developer images and a DHI Enterprise tier which provides features like FIPS or STIG compliance variants, customization capabilities, or SLA-backed support. DHI Enterprise allows for images to be mirrored to a private organization.

Adding DHI as an Upstream

Here's how you can integrate the DHI Registry into your Cloudsmith account:

  1. Configure Upstream Proxying
    In your Cloudsmith repository, go to the Upstream Proxying settings.
    Click the green "Create Upstream" button and select the Docker format.
    Provide a descriptive name for the upstream, e.g., DHI Registry, and specify the URL for the Docker Registry.
    Enter the DHI Registry URL:
    • For free tier DHI images: https://dhi.io.
    • For mirrored DHI Enterprise images, you can pull through both https://dhi.io or a standard DockerHub integration by specifying your Docker organization in the image path (mydockerorg/dhi-node:latest). Set the desired priority.
      Select Cache and Proxy.
  2. Configure SSL Certificate Verification
    Ensure SSL certificates are verified for added security, especially for public sources.
  3. Authentication and Headers
    DHI requires authentication or additional headers; provide them in the respective fields.

Pull a DHI Image with Docker Native Tooling

Here's an example of how you would pull the node Docker Hardened image into Cloudsmith after you've configured your Cloudsmith upstream for DHI:

  1. Configure your Cloudsmith upstream for DHI using the instructions above.
  2. Ensure Docker is installed on your system. If not, go here to get started with Docker.
  3. Open a terminal.
  4. Login to Docker with your Cloudsmith username and token, with the command: docker login docker.cloudsmith.io
  5. Pull the DHI node image by running:
    docker pull docker.cloudsmith.io/WORKSPACE/REPOSITORY/node:20-alpine3.22
    Note: Replace WORKSPACE and REPOSITORY with your Cloudsmith workspace and repository, respectively.
  6. Check your Cloudsmith repository to find the newly added DHI node image.