Docker Sandbox project.

A Docker sandbox gives you a safe, disposable environment to experiment, build, or let automated tools run without risking your real system. It’s becoming an essential part of modern development workflows, especially as coding agents and cloud‑based tooling evolve. Docker

What a Docker sandbox actually is

A Docker sandbox is an isolated execution environment that behaves like a lightweight, temporary machine. It lets you run containers, install packages, modify configurations, and test ideas freely—while keeping your host system untouched. Modern implementations often use microVMs to provide stronger isolation than traditional containers, giving you the flexibility of a full system with the safety of a sealed box.

Key characteristics include:

• Isolation — Your experiments can’t affect your host OS.
• Disposability — You can reset or destroy the environment instantly.
• Reproducibility — Every sandbox starts from a known, clean state.
• Autonomy — Tools and agents can run unattended without permission prompts.

Why Docker sandboxes matter now

The rise of coding agents and automated development tools has created new demands. These agents need to run commands, install dependencies, and even use Docker themselves. Traditional approaches—like OS‑level sandboxing or full virtual machines—either interrupt workflows or are too heavy. Docker sandboxes solve this by offering:

• A real system for agents to work in
• The ability to run Docker inside the sandbox
• A consistent environment across platforms
• Fast resets for iterative development

This makes them ideal for AI‑assisted coding, CI/CD experimentation, and secure testing.

Where you can use Docker sandboxes today

Several platforms now offer browser‑based or cloud‑hosted Docker sandboxes, making it easy to experiment without installing anything locally.

• Docker Sandboxes (Docker Inc.) — Purpose‑built for coding agents, using microVM isolation.
• CodeSandbox Docker environments — Interactive online playgrounds where you can fork, edit, and run Docker‑based projects directly in the browser. CodeSandbox
• LabEx Online Docker Playground — A full Docker terminal running on Ubuntu 22.04, ideal for learning and hands‑on practice, especially as Play with Docker winds down. LabEx

These platforms remove setup friction and let you focus on learning, testing, or building.

How developers typically use Docker sandboxes

A Docker sandbox fits naturally into several workflows:

• Learning Docker — Practice commands, build images, and explore networking without installing anything.
• Testing risky changes — Try new packages, configs, or scripts without fear of breaking your machine.
• Running coding agents — Give AI tools a safe environment to operate autonomously.
• Prototyping microservices — Spin up isolated services quickly and tear them down just as fast.
• Teaching and workshops — Provide a consistent environment for all participants.

A non‑obvious advantage

Docker sandboxes aren’t just about safety—they’re about speed of iteration. Because they reset instantly and start from a known state, they eliminate the “works on my machine” problem and make experimentation frictionless. This is especially powerful when combined with automated tools or when onboarding new team members.

Closing thought

Docker sandboxes are becoming a foundational tool for modern development—combining safety, speed, and autonomy in a way that traditional containers or VMs alone can’t match. They’re especially valuable if you’re experimenting with AI‑driven coding tools or want a clean, reproducible environment for testing.
Important: Use Docker Sandboxes for testing.

Claude Code sandbox

It works great with VSCode and with Copilot.

More information about Docker Sandbox

 

The Rise of Free Hardened Docker Images: A New Security Baseline for Developers and DevOps

Containerization has become the backbone of modern software delivery. But as adoption has exploded, so has the attack surface. Vulnerable base images, outdated dependencies, and misconfigured runtimes have quietly become some of the most common entry points for supply‑chain attacks.

The industry has been asking for a better baseline—something secure by default, continuously maintained, and frictionless for teams to adopt. And now we’re finally seeing it: free hardened Docker images becoming widely available from major vendors and open‑source security communities.

This shift isn’t just a convenience upgrade. It’s a fundamental change in how we think about container security.

Why Hardened Images Matter More Than Ever

A “hardened” image isn’t just a slimmer version of a base OS. It’s a container that has been:

• Stripped of unnecessary packages
  Fewer binaries = fewer vulnerabilities.
• Built with secure defaults
  Non‑root users, locked‑down permissions, and minimized attack surface.
• Continuously scanned and patched
  Automated pipelines ensure CVEs are fixed quickly.
• Cryptographically signed
  So you can verify provenance and integrity before deployment.
• Aligned with compliance frameworks
  CIS Benchmarks, NIST 800‑190, and other standards are increasingly baked in.

For developers, this means fewer surprises during security reviews. For DevOps teams, it means fewer late‑night patch cycles and fewer emergency rebuilds.

What’s New About the Latest Generation of Free Hardened Images

The newest wave of hardened images goes far beyond the “minimal OS” approach of the past. Here’s what’s changing:

1. Hardened Language Runtimes

We’re seeing secure-by-default images for:

• Python
• Node.js
• Go
• Java
• .NET
• Rust

These images often include:

• Preconfigured non‑root users
• Read‑only root filesystems
• Mandatory access control profiles
• Reduced dependency trees

2. Automated SBOMs (Software Bills of Materials)

Every image now ships with a machine‑readable SBOM.
This gives you:

• Full visibility into dependencies
• Faster vulnerability triage
• Easier compliance reporting

SBOMs are no longer optional—they’re becoming a standard part of secure supply chains.

3. Built‑in Image Signing and Verification

Tools like Sigstore Cosign, Notary v2, and Docker Content Trust are now integrated directly into image pipelines.

This means you can enforce:

• “Only signed images may run” policies
• Zero‑trust container admission
• Immutable deployment guarantees

4. Continuous Hardening Pipelines

Instead of waiting for monthly rebuilds, hardened images are now updated:

• Daily
• Automatically
• With CVE‑aware rebuild triggers

This dramatically reduces the window of exposure for newly discovered vulnerabilities.

Read the complete blogpost about a Safer Container Ecosystem with Docker: Free Docker Hardened Images here

Docker Desktop for Windows update 4.39.0

Introduction
Docker Desktop 4.39.0 is here, bringing a host of new features designed to enhance developer productivity, streamline workflows, and improve security. This release continues Docker’s commitment to providing efficient, secure, and reliable tools for building, sharing, and running applications.

Key Features in Docker Desktop 4.39.0

1. Docker AI Agent with Model Context Protocol (MCP) and Kubernetes Support
   • The Docker AI Agent, introduced in previous versions, has been upgraded to support MCP and Kubernetes. MCP enables AI-powered applications to access external data sources, perform operations with third-party services, and interact with local filesystems. Kubernetes support allows the AI Agent to manage namespaces, deploy services, and analyze pod logs.
2. General Availability of Docker Desktop CLI
   • The Docker Desktop CLI is now officially available, offering developers a powerful command-line interface for managing containers, images, and volumes. The new docker desktop logs command simplifies log management.
3. Platform Flag for Multi-Platform Image Management
   • Docker Desktop now supports the –platform flag on docker load and docker save commands, enabling seamless import and export of multi-platform images.
4. Enhanced Containerization Across Programming Languages
   • The Docker AI Agent can now containerize applications written in JavaScript, Python, Go, C#, and more. It analyzes projects to identify services, programming languages, and package managers, making containerization effortless.
5. Security Improvements
   • Docker Desktop 4.39.0 addresses critical vulnerabilities, such as CVE-2025-1696, ensuring proxy authentication credentials are no longer exposed in plaintext.

Docker Scout Security

Why These Features Matter

• Developer Productivity: The upgraded Docker AI Agent simplifies container management and troubleshooting, saving developers time and effort.
• Multi-Platform Flexibility: The –platform flag ensures compatibility across diverse environments, making Docker Desktop a versatile tool for modern development.
• Enhanced Security: By addressing vulnerabilities, Docker Desktop 4.39.0 reinforces its position as a secure platform for application development.

Conclusion
Docker Desktop 4.39.0 is a significant step forward, offering smarter tools, improved security, and greater flexibility for developers. Whether you’re managing Kubernetes clusters or containerizing applications, this release has something for everyone.

For more details, you can explore the official Docker blog or the release notes

 

Install the Newest Docker Desktop version 4.38.0

Docker released a New Docker Desktop version 4.38.0 with new features:

• nstalling Docker Desktop via the PKG installer is now generally available.
• Enforcing sign-in via configuration profiles is now generally available.
• Docker Compose, Docker Scout, the Docker CLI, and Ask Gordon can now be updated independently of Docker Desktop and without a full restart (Beta).
• The new update command has been added to the Docker Desktop CLI (Mac only).
• Bake is now generally available, with support for entitlements and composable attributes.
• You can now create multi-node Kubernetes clusters in Docker Desktop.
• Ask Gordon is more widely available. It is still in Beta.

In the following steps I’m upgrading my Docker Desktop Kubernetes 1-Node Cluster to a 4-Node Kubernetes Cluster:

Go to Settings in Docker Desktop and click on Kubernetes

Click on Kind.
Here you can select the Kubernetes version and how much nodes you need.

IMPORTANT: This will create a new Kubernetes Cluster!
(the old 1-node cluster will be gone)

Creating 4-Node Kubernetes Cluster in Docker Desktop

4-Node Kubernetes Cluster running in Docker Desktop

When you have “Show System Containers” in Settings at Kubernetes on
then you see these 4-Nodes here in VSCode.

Happy Coding

 

Simple install of GitHub Copilot Free edition in VSCode
More information in the Marketplace here

GitHub Copilot free for VSCode

GitHub Copilot Free edition for Microsoft VSCode is very handy to get started with Infrastructure as Code (IaC) and make your own deployment scripts for Azure Cloud Services.

Here I asked for a bicep deployment script to deploy a Windows Server Insider Build into Azure Cloud.

What I really like is GitHub Copilot free speech extension in VSCode.
Now I can just Talk to Copilot and get the job done

Here you find all the information you need about GitHub Copilot free for VSCode

Conclusion

GitHub Copilot free in VSCode is a very handy AI tool to save time in your project and can support your work.
Copilot can make mistakes by using wrong information or data, that’s why you have always do the checks yourself and test first before you use it in production. Happy Infrastructure as Code with GitHub Copilot Free edition for VSCode

Docker for Windows Update

When you want to work with containers and Microsoft Visual Studio Code
Docker Desktop for Windows is awesome to work with on your pc. Docker Desktop is a one-click-install application for your Mac, Linux, or Windows environment that lets you build, share, and run containerized applications and microservices. You can work with docker container images from Hub here
But you can also work with Docker Desktop for Windows Kubernetes containers.
I like to work with Docker Desktop for Windows because it’s easy to manage and updates works fine with good documentation on fixes and changes.

Software Updates Overview

Installing New Update 4.33.1

Unpacking Files

Starting New docker Engine

Docker Desktop for Windows and Kubernetes are running again.

Docker Desktop for Windows is up-to-date.

What’s New in this Release.
Here you find the Release notes from Docker

Okay but what is next? Here you find the Docker road map