The Minimus Blog

Understand NIS2 requirements for container workloads, from supply chain security to CVE management and audit-ready compliance controls.

AI is changing how vulnerabilities are found, not how they’re fixed. Defenders need a new approach: shrinking the attack surface before vulnerabilities exist.

DORA compliance for container workloads explained, with practical implementation guidance for platform engineers and ICT vendors.

Learn how to scale CIS hardening with automation, SBOMs, and minimal images across container environments.

A guide to CIS hardened images, how CIS benchmarks translate to containers, and what changes in a containerized environment.

Distroless images remove shells & package managers. Hardened images add patching, SBOMs & compliance. Learn when to use each with Minimus.

Learn how to reduce container attack surfaces: build minimal bases, harden Dockerfiles, scan in CI/CD, enforce Kubernetes controls, and use SBOMs.

Chainguard alternatives for hardened container images: minimal bases, continuous rebuilds, SBOMs, CVE reduction, and compliance-ready images

What near zero CVE images are and are not, why they matter for security and compliance, and how to get there with multi-stage builds, scanning, SBOMs, and VEXs.

Learn how to build zero-CVE container images using minimal bases, automated rebuilds, SBOMs, and VEX while keeping pipelines fast and secure.

Learn how to prevent software supply chain attacks. Covers SBOMs, SLSA levels, Sigstore signing, KEV-based CVE prioritization, and hardening CI/CD pipelines.

Trivy v0.69.4 supply chain attack explained. Learn what happened, how to tell if you're impacted, and what steps to take to protect your data.

Learn how container runtimes work, why static vs dynamic binaries matter, and how runtime isolation affects container security and reliability.

Understand what’s inside your container image. Minimus images start without unnecessary packages to reduce image size and eliminate vulnerabilities.

What are hardened container images? Learn how they reduce vulnerabilities, minimize attack surface, and strengthen container security.

Monitor platform access, token changes, and custom image activity with the Minimus Activity Log. Built-in visibility and auditability for hardened images.

Go CVEs are inevitable. Slow remediation isn’t. Minimus' minimal, source-built images reduce risk and fix critical vulnerabilities in hours.

Minimal distroless images offer more than security benefits. Smaller images cut infrastructure costs, speed CI/CD, and improve performance across environments.

Running OpenClaw? Your container image might be insecure. Learn how Minimus reduces OpenClaw CVEs by 99% while keeping the same functionality.

Build Zero Trust from the image up. Minimus hardened containers deliver verifiable builds, minimal attack surface, and signed artifacts for a secure foundation.

Minimus RBAC replaces manual permissions with Viewer, Operator, and Admin roles, improving security, auditability, and operational efficiency.

Go beyond base image compliance with application-level hardening. Minimus delivers pre-hardened images and audit-ready validation.

This post breaks down CVE-2026-22039, a Kyverno authorization bypass that allows cross-namespace resource access in Kubernetes clusters.

Go beyond version tags. See exactly what changed in container images, compare digests, and decide when to update using Minimus detailed changelogs.

See how file bundling in Minimus Image Creator lets teams include certificates and config files in private images without managing separate builds.

A practical guide to using CBOMs in containerized environments, covering data formats, tools, and cryptographic risk management.

Learn what a Cryptographic Bill of Materials (CBOM) is, how it complements SBOMs, and why cryptographic visibility matters for container image security.

Learn why distroless images are more secure and how to migrate from distro-based images to distroless with Minimus, without breaking existing workflows.

What happened and how Sha1-Hulud 2.0 works: a second-gen supply chain worm infecting npm packages, harvesting credentials, and replicating across GitHub.

Understand the three paths to FIPS 140-3 validation for container images and how each impacts security, compliance, maintenance, and audit readiness.

Understand FIPS 140-3, how validation works, and why it’s essential for securing container images and meeting modern compliance standards.

Read this for a breakdown of new runC CVEs, their exploitability, affected versions, and how to patch and mitigate.

Build and customize your own hardened container images with Minimus' Image Creator, now generally available.

MinIO announced they will no longer publish free Docker images to Docker Hub. For teams affected by these changes, Minimus provides a secure MinIO alternative.

Secure Kubernetes deployments with Kyverno by enforcing Minimus hardened base images, reducing vulnerabilities and improving compliance.

Build custom minimal container images from hardened base images and 20k+ packages - with the security, updates, and compliance benefits of all Minimus images.

Learn what FIPS is, why FIPS compliance matters for developers, and tips for building and maintaining FIPS-compliant containers.

Mean Time to CVE reframes container security metrics by focusing on the frequency of new vulnerabilities, instead of just amount, to better predict future risk.

Bitnami has moved most images and Helm charts behind a paywall. Learn what’s changing, how to navigate it, and explore Minimus as a drop-in alternative.

Learn about popular open source vulnerability scanners, and how using them alongside secure base images like Minimus simplifies vulnerability management.

Minimus customers can now view at an image level, or across their environment, the specific compliance regimes and controls image configurations are mapped to. 

Minimus hardened Helm charts are already configured to use Minimus images, making it easy to deploy secure application stacks.

VEX in Minimus gives teams a clear picture of which vulnerabilities impact them and helps reduce time and manual work required to confirm vulnerability status.

New from Minimus: Compliance dashboards, VEX, hardened helm charts, and Microsoft SSO. Secure container deployment just got easier for teams at scale.

Minimus container images avoid 95% of CVEs and support secure, compliant delivery in regulated, air-gapped, and fast-moving environments.

Minimus container images help retailers secure cloud and edge workloads, reduce vulnerabilities by 95%, and simplify PCI DSS compliance at scale.

Minimus container images are now publicly available on Iron Bank, the U.S. Department of Defense's repository of digitally signed, hardened container images.

Minimus images simplify HIPAA compliance with secure-by-default containers, real-time risk management, and full supply chain transparency.

The Cyber Resilience Act shifts security responsibility to vendors. Learn how it impacts open source software use and how to reduce your risk.

We’re excited to announce a new partnership with Wiz. Combine Wiz’s comprehensive visibility with Minimus’s secure-by-default images for end-to-end security.

Secure your software supply chain with Minimus: trusted container images, real-time threat intelligence, and full visibility for developers and security teams.

Minimus' vulnerability intelligence helps you assess risk, prioritize action, and maintain visibility with detailed advisories and per-image CVE tracking.

Learn how Minimus helps financial institutions reduce CVEs by 95% and simplify compliance—even in air-gapped and highly regulated deployments.

Automate workflows and stay informed with Minimus Action Providers. Trigger alerts, scans, and updates across your tools when container changes happen.

In this week’s release, we’ve focused on improvements to our actions, advisories, integrations, as well as updating the frontend of the Minimus web console.

Learn how Minimus hardened container images align with NIST SP 800-190, reducing vulnerabilities and simplifying compliance.

Meet Sean Reardon—learn what brought Sean to Minimus and what he thinks the key is to building strong relationships with customers.

Simplify FedRAMP compliance with Minimus: secure, minimal container images, automated remediation, and full compatibility with air-gapped environments.

Maya Even-Shani shares her journey to Minimus, insights on product leadership, and what makes Minimus images an easy win for security teams.

Ben Bernstein shares why Minimus was built, how it simplifies security, and how it helps developers reclaim time by reducing vulnerabilities by 95%.

In this “Meet the Team” Q&A, we talked with Neil Carpenter, who joined the solutions architecture team at Minimus at the beginning of April.

Yoav Leitersdorf and Ben Bernstein discuss the story behind Minimus, their vision for security, and key insights from their journeys as founders and leaders.

Standard Nginx images often include unused packages that introduce hidden vulnerabilities. Learn how using a minimal nginx image can reduce your attack surface.

Curious where our 95% CVE reduction claim comes from? Here's the data and stats behind that and more.

Read the press release announcing Minimus' exit from stealth.

Minimus is now generally available. Avoid 95% of CVEs with our secure, minimal container images. Get started today.

Software composition analysis (SCA) finds CVEs and license risk in open source dependencies. How SCA works, tools, SDLC integration, best practices.

CVE remediation combines CVSS, EPSS, and CISA KEV signals to prioritize fixes. Learn the lifecycle, container-specific workflows, and tools that work in 2026.

SBOMs signing and hardened images show how to reduce dependency risk and secure your software supply chain from source to production

Minimal base images cut attack surface, reduce CVEs, improve SBOM clarity, and strengthen container security using multi-stage builds and automation.