Docker Retires Its Original Image Signing Tool
TL;DR: Docker is retiring its original Content Trust (DCT) feature and the Notary v1 service. This change requires developers and security teams to migrate to modern tools to continue verifying the integrity and publisher of their container images.
Key facts
- Category: Infrastructure
- Impact: High
- Published
- Source: Docker Blog
Full summary
Docker is retiring its original Content Trust security feature. Teams must now migrate to modern alternatives to ensure software supply chain security.
Docker is officially retiring its original image security feature, Docker Content Trust (DCT), along with the Notary v1 service that powers it. First introduced a decade ago, DCT was one of the earliest tools for signing container images, allowing teams to verify an image's publisher and ensure its integrity had not been compromised. It played a foundational role in establishing the importance of software supply chain security within the container ecosystem. The company had previously announced the full retirement would take place in July 2025, and is now providing clear guidance for users to transition away from the legacy system. This move is part of a broader effort to embrace more modern, flexible, and widely adopted security standards that have emerged since DCT was first created.
The retirement of Docker Content Trust directly affects any developer, operations team, or security professional who currently relies on it to secure their container workflows. For these users, DCT has been a critical guardrail, preventing the deployment of unauthorized or tampered images in development and production environments. Continuing to use the feature is no longer a viable option, and failing to migrate to a new solution introduces significant security risks. Organizations must now audit their CI/CD pipelines and container registries to identify where DCT is being used. This change requires a proactive effort to update security policies and tooling to maintain a strong software supply chain security posture and avoid disruptions to deployment processes.
The path forward involves migrating to modern image signing and verification solutions. While DCT was a pioneer, the industry has since developed more robust and interoperable standards. Docker is encouraging users to adopt these newer technologies to secure their container images. This transition reflects the natural evolution of cybersecurity practices, where tools must constantly adapt to new threats and better methodologies. By moving away from a proprietary, aging system, the ecosystem can rally around open standards that offer greater flexibility and stronger security guarantees for the entire software development lifecycle. This shift ultimately helps organizations build more resilient and trustworthy applications.
Why it matters
This is a breaking change for a core security feature in a foundational developer tool, forcing teams to adopt modern standards for software supply chain security to avoid significant risks.
Business impact
Organizations using Docker Content Trust must allocate resources to audit their systems and migrate to new security tools to prevent potential breaches and disruptions to their software deployment pipelines.
⚡ Action needed
Users of Docker Content Trust (DCT) must migrate to a modern image signing and verification solution before the feature is fully retired. Failure to do so will break security workflows and expose applications to risk.
Action checklist
1. Audit your CI/CD pipelines to identify any use of Docker Content Trust.
2. Evaluate modern, industry-standard image signing and verification tools.
3. Develop a migration plan to replace DCT in your workflows.
4. Update your security policies and documentation to reflect the new tooling.
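One way to carry out the first checklist step, as an added example that is not from Docker or the original article: a shell function that searches a checkout for the `DOCKER_CONTENT_TRUST` environment variables, `docker trust` subcommands, the `--disable-content-trust` flag and Notary v1 client calls. The labels, function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate Docker Content Trust (DCT) / Notary v1 usage in a checkout.
# Labels (env, cli, flag, notary) are this example's own names. Needs GNU or BSD grep.

audit_dct() {
    # $1 = directory to scan. Prints: label<TAB>file:line:matched text
    dct_root="${1:-.}"
    # Each heredoc line is "label extended-regex".
    while read -r dct_label dct_pattern; do
        { grep -rnIE --exclude-dir=.git -e "$dct_pattern" "$dct_root" || true; } |
            awk -v l="$dct_label" '{ print l "\t" $0 }'
    done <<'EOF'
env DOCKER_CONTENT_TRUST
cli docker[[:space:]]+trust[[:space:]]+(sign|revoke|inspect|key|signer)
flag --disable-content-trust
notary (^|[^[:alnum:]_.-])notary[[:space:]]+(init|add|publish|key|delegation)
EOF
}

count_dct_hits() {
    # $1 = directory, $2 = label. Prints the number of hits carrying that label.
    audit_dct "$1" | awk -F '\t' -v want="$2" '$1 == want { n++ } END { print n + 0 }'
}

write_sample_repo() {
    # Constructed sample files (not from any real project), written under $1.
    mkdir -p "$1/.github/workflows" "$1/scripts"
    cat > "$1/.github/workflows/release.yml" <<'EOF'
env:
  DOCKER_CONTENT_TRUST: "1"
steps:
  - run: docker trust sign registry.example.com/app:1.0
EOF
    cat > "$1/scripts/build.sh" <<'EOF'
docker pull --disable-content-trust registry.example.com/base:latest
docker build -t registry.example.com/app:1.0 .
EOF
}

# Scan the directory given as $1, or the constructed sample when run without arguments.
if [ "$#" -gt 0 ]; then
    audit_dct "$1"
else
    dct_tmp=$(mktemp -d) && write_sample_repo "$dct_tmp" && audit_dct "$dct_tmp"
    rm -rf "$dct_tmp"
fi
```

A `flag` hit deserves a closer look than the others: it marks a command that opts out of verification while DCT is enforced elsewhere, so that pull or push was already unverified before the retirement.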
Primary source: Docker Blog
