Use the Minimus supply chain to govern package installations and enforce stronger security standards. Public repositories such as npm and PyPI are frequent targets for malicious package uploads. The Minimus supply chain helps mitigate this risk with minimal setup.

Using the Minimus Supply Chain

1. Select an image to protect

Select a Minimus image from the list. Your selection will return the relevant Dockerfile snippet. Currently supported:
  • Node and Node-FIPS
  • Python and Python-FIPS

2. Save code to Dockerfile

Copy the provided code from the Minimus console and add it to your Dockerfile. The code ensures that the FROM statement uses the Minimus image and that packages are installed from the Minimus secure repository. Only packages and versions that have passed the checks and security thresholds are available in this repository.

For Node projects:
FROM reg.mini.dev/node
    
# Use Minimus secure npm repository
RUN npm config set registry https://npm.mini.dev/
    
# Continue with your app setup
COPY package*.json ./
RUN npm ci --no-audit
CMD ["node", "app.js"]
For Python projects:
FROM reg.mini.dev/python

# Use Minimus secure PyPI repository (Devpi gateway)
RUN pip config set global.index-url https://pypi.mini.dev/root/pypi/+simple/

# Continue with your app setup
COPY requirements.txt .
RUN pip install -r requirements.txt
CMD ["python", "app.py"]
For FIPS-compliant workloads, use reg.mini.dev/node-fips or reg.mini.dev/python-fips.

3. Edit the image version (optional)

The provided code snippet uses the latest Minimus image by default, but you can edit it to use a specific release or any image version instead.

4. Build the Dockerfile

Build your app as usual. The provided code is only a recommendation. Note the --pull flag, which avoids building from a cached base image.
docker build --pull -t secure:latest .
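
Added example (not Minimus code and not part of the original page): a pre-build check in Python that flags entries in requirements.txt or package-lock.json naming a source other than the registries configured in step 2. The function names and sample inputs are constructed for illustration; the registry hosts are the ones used in the Dockerfile snippets above.

```python
import json
import re
from urllib.parse import urlparse

# Registry hosts taken from the Dockerfile snippets on this page.
NPM_HOST, PYPI_HOST = "npm.mini.dev", "pypi.mini.dev"

# Requirements-file options that point pip at another index or link source.
PIP_OPT = re.compile(r"^(?:-i|--index-url|--extra-index-url|-f|--find-links)[\s=]+(?P<src>\S+)")
# Direct references: "name @ https://...", "-e git+https://...", or a bare URL.
PIP_URL = re.compile(r"(?P<src>(?:\w+\+)?\w+://\S+)")

def check_requirements(text, allowed_host=PYPI_HOST):
    """Return (line_no, line) for entries fetched from outside allowed_host."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*", "", raw).strip()  # drop comments
        m = PIP_OPT.match(line) or PIP_URL.search(line)
        # Strip a VCS prefix such as "git+" before comparing hosts.
        if m and urlparse(re.sub(r"^\w+\+", "", m["src"])).hostname != allowed_host:
            findings.append((no, line))
    return findings

def check_package_lock(text, allowed_hosts=(NPM_HOST,)):
    """Return (package_path, resolved) for lockfile entries from other hosts."""
    findings = []
    for path, meta in json.loads(text).get("packages", {}).items():
        resolved = meta.get("resolved")
        if not resolved or meta.get("link"):  # root entry or local link
            continue
        if urlparse(resolved).hostname not in allowed_hosts:
            findings.append((path, resolved))
    return findings

# Constructed sample inputs (hypothetical hosts and packages).
SAMPLE_REQS = """\
--index-url https://pypi.mini.dev/root/pypi/+simple/
requests==2.32.3
--extra-index-url https://pypi.example.org/simple/   # second index
internal-lib @ https://files.example.org/internal_lib-1.0-py3-none-any.whl
-e git+https://git.example.org/team/tool.git#egg=tool
"""
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/left-pad": {"resolved": "https://npm.mini.dev/left-pad/-/left-pad-1.3.0.tgz"},
    "node_modules/tool": {"resolved": "git+ssh://git@git.example.org/team/tool.git#0123abc"},
}})

if __name__ == "__main__":
    print(check_requirements(SAMPLE_REQS), check_package_lock(SAMPLE_LOCK))
```

The check does not follow -r includes or environment overrides such as PIP_INDEX_URL. A lockfile generated against the public npm registry lists registry.npmjs.org in its resolved fields, so either regenerate it against the Minimus registry or pass that host in allowed_hosts if you rely on npm's replace-registry-host rewriting.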