TL;DR: Aikido and Root have teamed up to deliver hardened container images that fix vulnerabilities fast while letting you keep your current base image. Patch timelines shrink from months to minutes. More about the launch below, or check out our docs.
Keeping containers secure isn’t as simple as “just update.” While it sounds straightforward, anyone who’s tried it in a real app knows it’s far from easy. Simply bumping to the latest image can shatter your build, break runtime dependencies, and introduce subtle bugs that only appear in production. You’re often forced to choose between shipping vulnerabilities or spending days untangling version conflicts and retesting everything. (More on why this is so tricky here.)
Aikido Container Autofix
We’ve already made container security easier with our original Autofix. You can upgrade your base image in one click, without switching to a new image or relying on an external hardened build.
It’s a practical, cost-effective choice that just works:
- Your base image stays yours
- No infrastructure changes or vendor lock-in
- Transparent, straightforward upgrades
Taking Autofix to the next level
If you want to go further and add an extra layer of security, you can now Autofix to a pre-hardened image through our new Root.io integration.
We’ve partnered with Root.io to bring hardened container images into Aikido’s Autofix. This means you can keep your current base image and still get critical security patches, even if the official maintainers haven’t released fixes yet. It cuts patch timelines from months to minutes.
Why it matters
When a new CVE drops, the default advice is “just upgrade.” In reality:
- You’re often locked into a specific OS or base version.
- Some vulnerabilities have no upstream patches.
- Upgrades can introduce breaking changes and unexpected bugs.
- Retesting everything slows you down and delays releases.
Hardened images let you stay on your trusted base image and still get essential security fixes.
Take CVE-2025-4373 as an example. Debian patched it in Trixie and Sid but not in Bookworm. Our hardened debian:bookworm image includes a patched glib2.0, so you fix the vuln without migrating or rewriting anything.
What you get
With Aikido x Root.io, you no longer have to choose between security and stability.
When Aikido scans your containers, AutoFix now suggests a hardened image if it can fix the vulnerabilities it finds.
With this, you get:
- Pre-built images that match your current stack
- Continuously patched and maintained by Root.io
- Hosted on docker.aikido.io, ready to drop into your Dockerfile
- No changes to your code or build pipeline
- Fast fixes without risky upgrades
- Less time spent patching and debugging
- More time to focus on building, not firefighting
These hardened images work with any image variant, integrate into your existing CI/CD workflows, and are compatible with tools like Trivy, GitHub, GitLab, and Docker Desktop. You don’t need to rebuild, migrate, or change your tooling.
In one example, switching to a hardened Debian Bookworm image cleared 75 vulnerabilities in a single move without breaking the app.
Built for developers
Hardened images are here to make your life easier. You don’t have to become a distro expert or spend weeks chasing patches. You keep your stack stable, your security team happy, and your product moving forward.
In short: fix CVEs without fixing your workflow.
Start using hardened images in Aikido today and see how easy container security can be. Get started here →