Accelerate Remediation with Minimus
Understand how Minimus images help your team keep your cloud perimeter secure with less effort
Collective industry experience shows that most vulnerabilities in an app originate “upstream”. That is, many of the CVEs impacting the typical application are introduced by the dependencies, runtimes, and other components it builds upon. Historically, the container images available for most apps included many ancillary and supporting components beyond the app itself, expanding your susceptibility to these upstream vulnerabilities. Thus, to actually get ahead on the vulnerability treadmill, you need both to ensure the app itself and all its components are updated and to minimize unnecessary software in your images.
Minimus images offer a comprehensive solution for optimizing the security of your images. With Minimus, you’ll have the means to keep your stack almost entirely free of vulnerabilities for the long term thanks to the following:
- Clean Start: With Minimus, you’ll start off with a pristine image with few, if any, vulnerabilities. Visit any image in our Minimus Gallery to see a CVE comparison over the past year, with the exact CVE reduction showing the benefit in hard numbers.
- Lean & Minimal: Unnecessary packages and utilities simply aren’t in Minimus images, so they have the smallest possible attack surface. Less bulk and less code translate into fewer packages, which in turn means that images accumulate new vulnerabilities at a slower rate. Minimus’ purposeful minimalism translates into an inherent security advantage.
- Daily Release: Minimus automatically builds every image daily whenever there’s an update to the app or upstream dependencies.
Remediating Vulnerabilities with Minimus
With Minimus images drastically reducing the number of vulnerabilities to deal with, your risk and the effort required to mitigate it are also drastically reduced.
Here’s how remediation is managed with Minimus:
- Vulnerability reports allow you to track the current vulnerability status for every image version in your stack and more. The digest history helps you track when a new image release fixed a vulnerability.
- Advisory Enrichment helps you prioritize deployment of available fixes and assess the need to implement mitigation strategies and update security controls to contain known vulnerabilities while they await a fix upstream.
- Actions notify you when new image versions are released that fix the most exploitable or critical severity vulnerabilities in your environment.