Building Secure Apps
Selecting a version
Recommendations for selecting the right image for your project
Selecting the right image line
If you’re not already committed to a particular image version, you may be asking yourself which image line you should use? Minimus can help you decide based on your requirements:- As a general recommendation, unless you have constraints such as app compatibility issues, you should always use the latest version. This ensures that you are using the most up-to-date version and can benefit from security updates more completely.
- If your testing cycle is relatively longer, you may be forced to use a previous version line. You should still opt for the most recent version within the line to benefit from daily security updates.
- If you have constraints that require you to use an older image version, note that the version will not receive security updates. Minimus images are minimal and hardened from the start and so accumulate vulnerabilities more slowly, thereby staying more secure for a relatively longer period of time.
- Visit the Minimus gallery to view a current vulnerability report for any image version. The report provides an up-to-date status on the vulnerabilities detected in the version.
Avoiding cached images
Minimus images are typically rebuilt many times with the same version tag. As a result, the same image version tag may have numerous image digests, see for example the digest history for python version 3.13.5. Many times, vulnerabilities fixes are delivered without the image version tag changing so it’s particularly important to always pull the most recent digest. Learn more about digest history Here’s how to pull the latest version of the image from the registry, even if a local copy of the image already exists:- Docker:
--pullfor docker build,--pull alwaysfor docker run and docker compose - Kubernetes: set
imagePullPolicy: Always - Helm charts: set
image.pullPolicy=Always