# AutoFix for Containers: Using Aikido Hardened Images

Updating to the latest version of a base image can be a difficult task as it might required changes to your application. When updating to a newer base image is not a viable option, you can stay secure by using Aikido Extended Lifetime Support (i.e. hardened images).

Aikido maintains a registry of base images containing patched versions of libraries with reported **CRITICAL** or **HIGH** severity security issues. When you accept an AutoFix suggestion to use a hardened (or **ELS** - Extended Lifecycle Support) image, the hardened image from the Aikido registry replaces the existing base image in your Dockerfile.

For example [CVE-2025-4373](https://security-tracker.debian.org/tracker/CVE-2025-4373) is fixed by Debian in Trixie and Sid but not in Bookworm. Our ELS `debian:bookworm` image contains a patched version of `glib2.0` that fixes this vulnerability. Using this image avoids breaking changes while maintaining a good security posture.

The Aikido-maintained ELS images are created by Root ([root.io](https://root.io/)). Root eliminates vulnerabilities in container images by automatically remediating issues and patching affected packages. That means the ELS images you use are continuously kept up to date, with AutoFix suggesting updates as appropriate.

## Using Hardened/ELS images with AutoFix

1. In Aikido, navigate to **Containers**. For a container with security issues, select the kebab menu for that entry and click **Preview AutoFix** (if AutoFix is available for that issue).
   1. **Note:** You can alternatively navigate to **AutoFix > Containers** and click **View Fix** under the **Status** column for that issue.
2. Aikido AutoFix for containers will automatically propose an ELS image when available. The image is hosted on `docker.aikido.io` .

<figure><img src="/files/p8Y44oS0HNGl64pju91E" alt=""><figcaption></figcaption></figure>

In this example we see a Dockerfile using a `debian:bookworm` base image. Updating the base image to the ELS version solves 75 issues present in that version of the base image that were not remediated by the Debian maintainers.

3. Select **Create PR** to open a pull request in your SCM to apply the fix. You can also click **Copy fixed file** to manually apply the change to your Dockerfile.

## Extended Lifetime Support image availability

In Aikido, you can view which base images have supported ELS versions from the **AutoFix** > **Containers** page >

<figure><img src="/files/Of4jLtZqps5iXtibTHSY" alt=""><figcaption></figcaption></figure>

All image are available for both `amd64` and `arm64` architectures.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/autofix-and-remediation/scope/autofix-for-containers-using-hardened-images.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.