
# Supply Chain

> Set up guardrails when installing packages based on age, download reputation and more

Use the Minimus supply chain to govern package installations and enforce stronger security standards. Public repositories such as npm and PyPI are frequent targets for malicious package uploads. The Minimus supply chain helps mitigate that risk with minimal setup.

<Info>
  This feature is available in **Preview mode**. Previews offer a glimpse of upcoming features that are still in development.
</Info>

## Using the Minimus Supply Chain

<Steps>
  <Step title="Select an image to protect">
    Select a Minimus image from the list. Your selection will return the relevant Dockerfile snippet. Currently supported:

    * Node and Node-FIPS
    * Python and Python-FIPS
  </Step>

  <Step title="Save code to Dockerfile">
    Copy the provided code from the Minimus console and add it to your Dockerfile. The code ensures that you use the Minimus image in the `FROM` instruction and install packages from the Minimus secure repository. Only packages and versions that have passed the checks and security thresholds are available in this repository.

    <CodeGroup>
      ```dockerfile Node projects
      FROM reg.mini.dev/node

      # Use Minimus secure npm repository
      RUN npm config set registry https://npm.mini.dev/

      # Continue with your app setup
      COPY package*.json ./
      RUN npm ci --no-audit
      CMD ["node", "app.js"]
      ```

      ```dockerfile Python projects
      FROM reg.mini.dev/python

      # Use Minimus secure PyPI repository (Devpi gateway)
      RUN pip config set global.index-url https://pypi.mini.dev/root/pypi/+simple/

      # Continue with your app setup
      COPY requirements.txt .
      RUN pip install -r requirements.txt
      CMD ["python", "app.py"]
      ```
    </CodeGroup>

    For FIPS-compliant workloads, use `reg.mini.dev/node-fips` or `reg.mini.dev/python-fips`.
  </Step>

  <Step title="Edit the image version (optional)">
    The provided code snippet uses the latest Minimus image by default, but you can edit it to use a specific release or another image version instead.
  </Step>

  <Step title="Build the Dockerfile">
    Build your app as usual. The provided code is only a recommendation. Note the `--pull` flag, which avoids building from a cached image. [About pull policy recommendations](/foundations/pull-policy)

    ```powershell
    docker build --pull -t secure:latest .
    ```
  </Step>
</Steps>
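
A pre-build check for the setup above, as an added example that is not part of the Minimus documentation or tooling: it lists entries in `requirements.txt` and `package-lock.json` that name a package source other than the `npm.mini.dev` and `pypi.mini.dev` hosts used in the snippets, so they can be reviewed before the build. The function names and sample inputs are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Hosts taken from the Dockerfile snippets on this page.
MINIMUS_HOSTS = {"npm.mini.dev", "pypi.mini.dev"}
# pip options that replace or add a package source inside requirements.txt.
PIP_SOURCE_OPT = re.compile(r"^(?:-i|--index-url|--extra-index-url|-f|--find-links)[=\s]+(\S+)")
# A URL on a requirement line, e.g. "pkg @ https://..." or "git+https://...".
URL_IN_LINE = re.compile(r"[a-z+]+://\S+")

def off_host(url, allowed=MINIMUS_HOSTS):
    return (urlparse(url).hostname or "") not in allowed

def audit_requirements(text):
    """Return (line_no, line) for lines that name a source other than Minimus."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].strip()  # drop trailing comments
        if not line or line.startswith("#"):
            continue
        opt = PIP_SOURCE_OPT.match(line)
        urls = [opt.group(1)] if opt else URL_IN_LINE.findall(line)
        if any(off_host(u) for u in urls):
            findings.append((no, line))
    return findings

def audit_package_lock(text):
    """Return (path, resolved) for lockfile entries resolved outside Minimus."""
    packages = json.loads(text).get("packages", {})
    return [(path, meta["resolved"]) for path, meta in packages.items()
            if "resolved" in meta and not meta.get("link") and off_host(meta["resolved"])]

# Constructed sample inputs (not from the page).
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.mini.dev/root/pypi/+simple/
requests==2.32.3
--extra-index-url https://pypi.example.invalid/simple/
internal-lib @ https://files.example.invalid/internal_lib-1.0.tar.gz
"""
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/a": {"version": "1.0.0", "resolved": "https://npm.mini.dev/a/-/a-1.0.0.tgz"},
    "node_modules/b": {"version": "2.0.0", "resolved": "https://registry.example.invalid/b/-/b-2.0.0.tgz"},
}})

if __name__ == "__main__":
    for finding in audit_requirements(SAMPLE_REQUIREMENTS) + audit_package_lock(SAMPLE_LOCK):
        print("review:", finding)
```

Run it in CI against the real files before `docker build`; an empty result means every declared source is on one of the two Minimus hosts.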
