Track and Prioritize CVEs with Minimus' Vulnerability Intelligence

By
Neil Carpenter
June 30, 2025
Share this post

Minimus’ secure container images start with 95% fewer CVEs, creating a strong foundation that tremendously improves the resilience of our images over time. However, in any system, there will always be vulnerabilities which are not, yet, fixed. Minimus’ vulnerability intelligence gives you the tools to track and understand the vulnerabilities that do remain. 

With our team’s deep expertise in container security, we carefully monitor available vulnerability and exploit intelligence for any vulnerability in the packages our images contain to help you understand any risk that exists, prioritize action, and maintain visibility.

Proactive Vulnerability Monitoring

Our vulnerability intelligence includes the severity and potential impact of each vulnerability, showing us how damaging exploitation could be. Additionally, we monitor CISA KEV (Known Exploited Vulnerabilities), which tells us when a vulnerability is actually being exploited in the wild, and EPSS (Exploit Prediction Scoring System), which provides a measure of how likely a particular vulnerability is to be exploited in the next 30 days. This gives us an understanding of both how likely a particular vulnerability is to be exploited and, were it to be exploited, how much of an impact it might have.

Transparency for Users

We also make all of this available to our users – transparency is critically important in cybersecurity and we endeavor to make sure we are transparent about what we ship. Users can see every CVE associated with every package that we ship in Advisories, giving clear visibility into the disposition of every CVE – whether Minimus images are unaffected, already fixed, or waiting on a fix to become available. Additionally, CVEs that are known to or likely to be exploited are clearly labeled, so you know where to focus your attention.

A screenshot of Minimus’s Advisories page illustrating known vulnerabilities that are known to be or likely to be exploited.
Advisories show all CVEs found in Minimus’s package library and associated vulnerability and exploit intelligence.

Timeline View

Additionally, for CVEs that have affected shipping images, a timeline shows when Minimus first became aware of the flaw and when it was addressed in the affected images.

CVE-2025-4947 is shown in the Minimus console, with fixed versions of several images available.
Deep intelligence is presented for each CVE including any images that may have been impacted and fixed versions.

Per-Image Vulnerability Details

Finally, each image shows detected vulnerabilities in every version, tag, and SHA256 delivered to our users. This level of detail lets you quickly answer any questions that arise. For example, if a CVE is found in an out-of-date Minimus image deployed in production, teams can immediately identify that the issue is resolved in a later release and update their builds & deployments accordingly.

The Jenkins image is shown with vulnerability counts for several releases in chronological order.
Users can quickly assess each release of a particular image.

Maximum Insight, Minimal Effort

Minimus significantly reduces vulnerabilities and provides deep, real-time intelligence on any that remain, including exploit likelihood and known active threats. With full transparency through detailed advisories and per-image vulnerability tracking, users can quickly assess and respond to risks in their deployments. 

Want to see it in action? Request a demo and discover how Minimus can simplify your remediation process and give you better visibility into the vulnerabilities that matter most.

Neil Carpenter
Principal Solutions Architect

Try Minimus Today

Start using the latest version of any Minimus image for free - sign up now!