Minimus offers every image version in 2 variants: standard and dev. In the image gallery, you will see the image variant pairs side by side, each with their relevant tags and timestamp. The dev variant is a little more robust, and includes dev tools and at least one shell. The standard, non-dev variant is the most minimal build, and will thus remain more secure over time.

Minimus rationale for image pairs

Minimus is centered around the understanding that developers have different priorities in different contexts. In production, security outweighs convenience. During development, however, efficiency, speed, and developer experience are of greater concern and need to be optimized. Minimus makes it possible to enjoy the best of both worlds without sacrificing either goal. Minimus optimizes both security and developer experience by delivering a hybrid solution. Every Minimus image version is comprised of a complementary pair:
  • Production image, for example nginx:latest
  • Dev image, for example nginx:latest-dev
The Minimus methodology holds that the production image should be lean and clean - with only the runtime requirements and direct dependencies. The less code the production image holds, the better. That’s why Minimus production images generally don’t contain shells, package managers, or development utilities. They are designed to provide a runtime for production workloads and reduce the attack surface. The matching dev image is designed for building, testing, and debugging. To provide a good developer experience, the dev image contains standard development utilities, a shell, and a package manager that makes it easier to work with. DEV images are slightly bulkier than their corresponding production image, but they are still very lightweight, with fewer packages, and significantly more secure than the official image. With fewer unnecessary packages, Minimus dev images have far fewer vulnerabilities than the generic official image.

Using dev images for multi-stage builds

Minimus complementary image pairs can be leveraged by developers to optimize security in their production environments while enjoying the convenience of more robust images during development. Multi-stage workflows allow developers to build artifacts with Minimus dev images for intermediate steps and use the lean production image for the final application build to deliver safer applications.