Today we’re happy to announce Minimus Community Edition: hundreds of continuously built from source, near-zero CVE container images that are freely available. No trial, no auth wall, no signups, and (usually) no vulnerabilities.
This isn’t a subset of only some popular images; Community Edition includes not only images like Nginx, Python, Node, and Postgres, but also all the smaller supporting components vital to build and run modern apps.
Access to our full image catalog across major and minor versions allows developers to standardize on the same images used by production teams without waiting for procurement, approvals, or enterprise contracts.
Just like our Enterprise Edition images, Minimus Community Edition images are continuously built from source, hardened, and maintained to minimize vulnerabilities and attack surface over time.
Our images are purposefully built, containing only the components required to run the workload, resulting in fewer packages, a smaller attack surface, and 98% fewer vulnerabilities on average.
Community Edition images are continuously rebuilt as upstream software changes, helping users stay at or near zero CVEs without the burden of patching and maintaining images themselves.
Every image includes full visibility into packages, vulnerabilities, and software supply chain metadata, along with threat intelligence aligned with CISA BOD 26-04 to help teams focus on the risks most likely to matter.
Unlike many software products, Minimus Community Edition does not require registration, account creation, approvals, or procurement processes.
Developers can browse, pull, and begin using images immediately, making it easy to use Minimus in existing development, CI/CD, and infrastructure workflows.
Images can be used in both connected and air-gapped environments, giving teams flexibility across development, production, and regulated deployments.
Minimus images are drop-in replacements for commonly used container images, allowing teams to improve security and reduce vulnerabilities without redesigning applications or workflows.
Community Edition includes our industry leading compliance features, providing images with provably validated FIPS, CIS, NIST SP 800-190, and STIG compliance. In short, Community Edition images are the same images our customers across the world in industries like financial services, government, and health care depend on in production already.
This allows developers to start with images that already align with common compliance requirements instead of retrofitting compliance later in the development lifecycle.
We’ve been in container security a long time. When we started Twistlock back in 2015, there was no real concept of what container security required, and we’re proud to have defined the market for that. Over those past 11 years, though, one of the most fundamental challenges customers have with container security has gone unsolved. There are many great tools to help you find vulnerabilities; there are precious few solutions that actually remediate them.
Recently, with the advent of AI powered offensive research, like Mythos and Glasswing, the rate of vulnerabilities being discovered has dramatically increased, but the ability of users to deal with them has not. Even for very sophisticated users, the time, resources, and focus required to do the vital but commoditized work of updating open source software is overwhelming. Minimus enables you to avoid that trap entirely by starting with images that are near zero CVE on day one and maintained that way forever.
Minimus Community Edition is our contribution back to the larger community. We’re making these images available for anyone to use so that everyone can get ahead of this problem. As AI discovers vulnerabilities at increasing rates, Minimus images are the easiest and most frictionless way for you to stay ahead of the curve.
Minimus Enterprise Edition continues to be our solution for teams and enterprises that need contractually backed SLAs for vulnerability remediation and support.
It takes our same images and provides additional features to help organizations use them at scale, like our Actions that integrate with the tools you already have for automation and alerting, native self-hosting to store images in any registry, and Image Creator that allows you to give us custom recipes for images built exactly how you need them under our same SLAs.
You can read more about the additional features in Enterprise Edition here.
We’re proud to share these images with you and hope they help the community significantly improve everyone’s security.
.svg)
.svg)
.svg)
.svg)
