Click any image version in the image line to view its details.

General information

  • Version metadata will be provided with when the version was last updated, whether the image version has been pulled yet, and the image size for the amd64 and arm64 architectures.
  • The full list of tags available for the image version will be shown. If the image is included in your subscription, you can copy the pull commands in one-click. For example, you can copy the tag with the date stamp and active token. It will look like this:
    docker pull reg.mini.dev/{token}/go:1.23.8-dev-202504210029
  • The latest digest is shown and available for copying. (The copy button will copy the digest alone. For example: sha256:ccf35a88cc2330b6d0a2d29b90ea8c16fd2ce4c320572fb6c4e7b64009fae638 )
  • The pull stats will show if the image has been pulled before and when it was last pulled.

Tabs

Specification

The specification tab provides technical specs in a convenient format to save you time. It lists:

  • Default user
  • Environment variables. Note that most Minimus images include the certificate variable SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
  • Entrypoint and default command
  • Default volumes
  • Default working directory
  • Stop signal

The manifest in JSON format is provided as well.

SBOM

The software bill of materials lists all component packages by version and license per architecture.

  • Toggle the view between amd64 and arm64.
  • You can search the list by package name, version, and license.
  • Click the Download Information button to to grab the relevant Cosign command for downloading the signed SBOM. You will need Cosign and jq locally installed. About verification

Learn more about SBOMs and why SBOMs are now mandatory by executive order for all U.S. government agencies.

Download SBOM

Click the button Download Information in the SBOM tab to grab the relevant Cosign command. For example:

cosign download attestation \
 --predicate-type=https://spdx.dev/Document \
 --platform linux/amd64 \
 reg.mini.dev/{token}/haproxy:latest | jq '.payload | @base64d |
fromjson | .predicate'

The command includes a variable specifying the relevant architecture. If you toggle between the options for amd64 and arm64, the command will change accordingly.

Vulnerabilities

The version vulnerabilities report lists all vulnerabilities currently impacting the version, by origin package. The report is compiled from data collected from package scanners that are run on a frequent basis several times a day.

  • Note that the report is for the most recent build for the version. Check the Digest History tab to see if previous builds have vulnerabilities.
  • You can search the list by CVE ID or package name.
  • The exploitability label marks vulnerabilites at high risk:
    • A vulnerability listed in the CISA KEV catalog is marked as an active exploit.
    • A vulnerability with a high EPSS score (over 60%) that is not in the CISA KEV catalog is marked as Likely to be exploited.
  • Expand a vulnerability to see when it was published, its description, and a link to the advisory listing.
  • Expand a vulnerability to see the derived package and version. For example:
    Origin > Package (version)
    traefik-3 > traefik-3 (3.3.5-r2)

Digest History

The digest history shows current and previous builds of the image version, shown with their current vulnerability count. The chronological timeline shows when every digest was published and how many vulnerabilities it currently has.