What’s New in Minimus: Compliance Dashboards, Helm Charts, and VEX

We’ve had a busy summer. Since launching on April 28, more than 1,200 users from global enterprises, cutting edge startups, and government agencies have turned to Minimus to provide them with hardened, minimal container images.

Since our last major release in June, our R&D team has been focused on building out new capabilities that support regulated organizations and help developers easily deploy entire applications built atop secure Minimus container images. 

In this week’s release, the team shipped 20 new features and over 223 improvements, updates, and bugfixes to the Minimus platform. Highlighted below are some of the key features now available in Minimus. 

‍

New Compliance Dashboards and Views

‍

Government agencies and enterprises in regulated industries trust Minimus’ secure images to help them align with standards like FedRAMP, PCI, and NIST SP 800-190. Building atop Minimus’ application-specific hardening, Minimus customers can now view at an image level, or across their environment, the specific compliance regimes and controls image configurations are mapped to. 

These views make it easy to:

• See which images are aligned with specific compliance regimes
• Understand how controls map to image configurations
• Export reports for audits and internal reviews

These dashboards can be easily viewed or exported for use in audit activities.

‍

Hardened Helm Charts for Secure Deployment

‍

Container images are only one part of the equation. Now, Minimus provides hardened helm charts aligned with Kubernetes security best practices from CIS and NIST.

Minimus helm charts simplify configuration of secure microservice deployments with secure configurations out of the box, including:

• Minimal permissions and role-based access control
• Secure defaults for networking and pod security
• Built-in controls for common compliance frameworks

The result: It’s faster than ever to run containers securely in production. 

‍

Integrated VEX Support for Every Image

Minimus now publishes VEX (Vulnerability Exploitability eXchange) data for every image in the gallery. Paired with our cryptographically signed SBOMs, VEX lets teams instantly understand which vulnerabilities are exploitable, and which aren’t, within each container image.

You can use this data natively within the Minimus UI or pull it into other systems, making vulnerability triage faster, more accurate, and far less noisy.

‍

Integration With Microsoft for Single Sign-On (SSO)

Enterprise teams can now integrate Minimus directly with Microsoft Entra ID (formerly Azure Active Directory) for Single Sign-On. This brings:

• Centralized authentication
• Streamlined access control
• Easier onboarding and offboarding for your teams
  
  

Get Started With Minimus

Already using Minimus to pull the latest images for free? You’ll now see a preview of some of the features available to organizational users, such as the no-code actions that allow you to trigger activity in other tools based off of image and CVE updates. 

Want to see other new features in action? Get in touch for a personalized demo from one of our engineers.