Skip to main content
Every Minimus image comes in two variants: a production image and a dev image. Both are minimal, secure, and updated daily — but they serve different purposes.
  • The production variant is the most minimal build: no shell, no package manager, no development utilities. Just the runtime and its direct dependencies.
  • The dev variant includes standard tooling and at least one shell, making it suitable for building, testing, and debugging.
Visit the Risk Reduction tab on any image page to compare vulnerability reports for both variants.

Why production images exclude developer tooling

Security requirements differ by context. In production, a smaller attack surface matters more than convenience. In development, speed and tooling matter more. Minimus lets you optimize for both without compromise. Every Minimus image version ships as a complementary pair:
  • Production image — e.g. nginx:latest
  • Dev image — e.g. nginx:latest-dev
Production images contain only what’s needed to run the application. Less code means fewer vulnerabilities, fewer attack vectors, and a smaller blast radius if something goes wrong. Dev images are built for the inner loop — building, testing, and debugging. They include a shell, a package manager, and common development utilities. They’re slightly larger than their production counterpart, but still far leaner and more secure than the official upstream image.

Using dev images in multi-stage builds

The prod/dev pair is designed for multi-stage workflows. Use the dev image for intermediate build steps — compiling, testing, installing dependencies — then switch to the production image for the final stage. The result is a lean, secure artifact with no build tooling included.
Last modified on June 17, 2026