Understand your options for each image type to decide between the standard, advanced, FIPS validated, or hardened options.
Any given image may be offered by Minimus in several options to meet various compliance or deployment requirements. For example, Postgres is offered as the following different images:
The standard image offered by Minimus is a minimal image that is closely aligned with the standard public offering. It will generally have fewer packages than its public counterpart and will deliver an extremely reduced vulnerability count, if not zero vulnerabilities, in keeping with our strict package update policy.
The standard image is a good place to get started with Minimus if you don’t have particular regulatory requirements to meet.
The FIPS validated image is similar to the standard image, but it replaces standard cryptography packages with proprietary, CMVP validated FIPS 140-3 packages that satisfy FedRAMP and other regulatory requirements. Transitioning to FIPS validated images may require changes to your application code depending on the specifics of your use case.
The FIPS validated image is an excellent option if you need to meet regulatory requirements that call for FIPS 140-3 cryptography and NIST CMVP certification. Our support team is always available to assist.
Minimus Hardened images provide secure-by-default configurations that comply with CIS Benchmarks. For example, the Postgres-Hardened image is configured to comply with the CIS Benchmark for PostgreSQL, a consensus-based security hardening guide that is aligned with industry standards and defines recommended configuration settings, access controls, and operational practices to reduce the attack surface.
Minimus Hardened images offer a special dedicated compliance report for the CIS benchmark. For example, see the Postgres-Hardened CIS Compliance report.
Notes:
Overriding the default configuration file may nullify the compliance if performed incorrectly.
Additional post-deployment runtime validations that are out of scope for Minimus should be performed by the operator to ensure full compliance with the CIS benchmark.
Minimus Advanced images are designed to be deployed in Kubernetes, often with Helm charts. Advanced images add operational tooling including pre-configured environment variables, lifecycle hooks (pre-start, post-start, shutdown), and helper scripts, so you can deploy and manage applications with minimal manual setup.
Minimus Advanced images can be used as drop-in replacements in Bitnami charts and often support OpenShift restricted-v2 security context constraints (SCCs) to control Pod permissions.
Minimus Advanced images are recommended if you are looking for images that are compatible with Bitnami Helm charts.