CLOUD SECURITY LAB

[Security] Docker’s Game Changer! DHI (Docker Hardened Images) Goes Completely Free – Even for Enterprises? πŸ³πŸ›‘οΈ

β€”

by

cslab
in

Hello! Today, I’ve brought you some hot news that’s set to shake up the cloud-native security market. It’s about a policy change regarding Docker’s ambitious DHI (Docker Hardened Images).

To get straight to the point, enterprises can now use DHI for free! 🎊

For those who’ve been thinking, “Security is good, but the cost is a bit much…”, please pay attention. We’ll delve into what decision Docker made as of December 2025, and how the free version differs from the paid Enterprise version! πŸ•΅οΈβ€β™‚οΈ

image

1. What’s all the fuss about DHI? πŸ€”

DHI (Docker Hardened Images) can be simply described as ‘Docker images that have been put on a diet and given a bulletproof vest’.

The base images we commonly use (like Debian, Alpine, etc.) often contain more unnecessary packages than you’d think, which increases the risk of exposure to security vulnerabilities (CVEs). DHI removes all of these, resulting in a very clean and robust image that reduces the attack surface by up to 95%.

  • Near-zero vulnerabilities: Only verified packages are used at build time.
  • SBOM provided: Software Bill of Materials is included by default to enhance transparency.
  • SLSA Level 3 certified: The build process itself is proven to be secure.

2. The truth about “complete free release”: Is it free for companies too? πŸ†“

Originally, DHI was a paid subscriber-only service when it launched in May 2025. However, on December 17, 2025, Docker revised its strategy and released over 1,000 hardened images completely free under the Apache 2.0 license.

“Now, individual developers, as well as startups and large enterprises, can use DHI for commercial purposes for free.”

This means that you can use DHI as a base image for your company’s services without any additional cost! πŸ‘

3. Then why does ‘DHI Enterprise’ (paid) exist? 🧐

You might think, “If it’s all free, who would pay for Enterprise?” However, in an enterprise environment, ‘responsibility’ and ‘compliance’ can sometimes be more important than money. The Enterprise version provides powerful ‘backup’ as follows:

Category DHI Free DHI Enterprise (Paid)
SLA (Patch Guarantee) Patch schedule not guaranteed Critical vulnerabilities patched within 7 days
Special Compliance General security hardening FIPS 140-3, STIG certified images provided
Extended Lifecycle Support (ELS) Patching stops at end of support Up to 5 years additional security support (optional)
Automation Tools Manual management and build Integration with Docker build infrastructure and automatic rebuilds

One-line summary: “Using the images is free, but if you need a ‘guarantee of quick fixes’ and ‘government-regulated certifications,’ you have to pay!” This is the strategy. πŸ’‘

4. Practical Application ExampleπŸ’»

Using the free DHI images is very simple. Just like finding existing images, access https://hub.docker.com and search for the desired image. Here, we’ll search for nginx.

image1

Navigate to the Images tab, where you can find locked paid images and free-to-use images. You can also check for the presence of a Package manager and Shell to enhance security.

image2

Here, we’ll use an image without both a Package manager and Shell. This image is in a very good state with no vulnerabilities. Click on this image and then the “Use this Image” button to get instructions on how to pull and log in.

image3

Follow this guide to perform the login. Logging in is possible via the PAT method, just like logging into the existing hub.docker.com. 

# Perform login with the following command
docker login dhi.io -u <username>

# Download image
docker pull dhi.io/nginx:1

# Start nginx service using the image
docker run -d -p 8080:8080 --name nx dhi.io/nginx:1

Just by making this change, your container security score will significantly increase. πŸ“ˆ

Conclusion: Security is no longer an option, but a necessity! πŸ›‘οΈ

Docker’s reason for making DHI free is clear: to make Supply Chain Security an industry standard.

If your company’s project isn’t subject to strict regulations like those in the financial sector or government projects, I strongly recommend switching to free DHI images right now. It costs 0 won, but significantly reduces the risk of security incidents! πŸš€

I hope today’s news has been a great help to your cloud infrastructure security.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *