Minimus’ secure container images start with 95% fewer CVEs, creating a strong foundation that tremendously improves the resilience of our images over time. However, in any system, there will always be vulnerabilities that are not yet fixed. Minimus’ vulnerability intelligence gives you the tools to track and understand the vulnerabilities that do remain.
With our team’s deep expertise in container security, we carefully monitor available vulnerability and exploit intelligence for any vulnerability in the packages our images contain to help you understand any risk that exists, prioritize action, and maintain visibility.
Our vulnerability intelligence includes the severity and potential impact of each vulnerability, showing us how damaging exploitation could be. Additionally, we monitor CISA KEV (Known Exploited Vulnerabilities), which tells us when a vulnerability is actually being exploited in the wild, and EPSS (Exploit Prediction Scoring System), which provides a measure of how likely a particular vulnerability is to be exploited in the next 30 days. This gives us an understanding of both how likely a particular vulnerability is to be exploited and, were it to be exploited, how much of an impact it might have.
We also make all of this available to our users – transparency is critically important in cybersecurity and we endeavor to make sure we are transparent about what we ship. Users can see every CVE associated with every package that we ship in Advisories, giving clear visibility into the disposition of every CVE – whether Minimus images are unaffected, already fixed, or waiting on a fix to become available. CVEs that are known to be exploited or likely to be exploited are clearly labeled, so you know where to focus your attention.
For CVEs that have affected shipping images, a timeline also shows when Minimus first became aware of the flaw and when it was addressed in the affected images.
Finally, each image shows detected vulnerabilities in every version, tag, and SHA256 delivered to our users. This level of detail lets you quickly answer any questions that arise. For example, if a CVE is found in an out-of-date Minimus image deployed in production, teams can immediately identify that the issue is resolved in a later release and update their builds and deployments accordingly.
Minimus significantly reduces vulnerabilities and provides deep, real-time intelligence on any that remain, including exploit likelihood and known active threats. With full transparency through detailed advisories and per-image vulnerability tracking, users can quickly assess and respond to risks in their deployments.
Want to see it in action? Request a demo and discover how Minimus can simplify your remediation process and give you better visibility into the vulnerabilities that matter most.