Trust is at the heart of security. Whether you are on the free tier or are a paying customer, Minimus is committed to upholding your trust. Following are our promises to you.
Minimus is committed to patching vulnerabilities in its images within the following timeframes:
A critical severity vulnerability will be remediated within 48 hours from the time a new release is available from the upstream project that fixes the vulnerability.
All other vulnerabilities (High, Medium, and Low severity) will be remediated within 14 calendar days from the date a new release is available from the upstream project that fixes the vulnerability.
The above SLAs are provided under the applicable terms and subject to conditions, including the ability to resolve the vulnerability without affecting unrelated components and without rebuilding more than 25% of the total Artifacts. For full details, refer to the official Service Level Agreement (SLA).In the event of high-profile CVEs that impact low-level, widely used packages, Minimus will take commercially reasonable efforts to rebuild all images promptly. Learn more about our policy for backporting security fixes
SOC 2® accreditation is SOC for Service Organizations: Trust Services Criteria.
ISO/IEC 27001 is the golden standard for information security management systems (ISMS). The accreditation covers information security, cybersecurity and privacy protection.
Minimus respects your privacy and fully protects all information about which images you pulled and when. Your Minimus account is completely separate and private to prevent any data leakage. No information is collected beyond the pull count, which is shown to the user.
