Trust is at the heart of security. Whether you are on the free tier or are a paying customer, Minimus is committed to upholding your trust. Following are our promises to you.
Minimus is committed to patching CVEs in its images within the following estimated timeframes:
A critical severity vulnerability will be remediated within 7 calendar days from the date a new release is available from the upstream project that fixes the vulnerability.
All other vulnerabilities (High, Medium, and Low severity) will be remediated within 14 calendar days from the date a new release is available from the upstream project that fixes the vulnerability.
In the event of high-profile CVEs that impact low-level, widely used packages, Minimus will take commercially reasonable efforts to rebuild all images promptly.
SOC 2® accreditation is SOC for Service Organizations: Trust Services Criteria.
ISO/IEC 27001 is the golden standard for information security management systems (ISMS). The accreditation covers information security, cybersecurity and privacy protection.
Minimus respects your privacy and fully protects all information about which images you pulled and when. Your Minimus account is completely separate and private to prevent any data leakage. No information is collected beyond the pull count, which is shown to the user.