Platform engineers need consistent, reliable, and observable infrastructure. Minimus integrates into existing GitOps and CI/CD workflows to provide a standardized baseline for the entire organization.
Minimus fits seamlessly into automated workflows using tools like ArgoCD, Flux, and Terraform. Every image version is associated with a unique, immutable digest and a timestamp tag, allowing for deterministic deployments and easy rollbacks. This ensures that your cluster state is always predictable and reproducible across different regions or environments.
Minimus eliminates "blind trust" by delivering every image with a cryptographically signed Software Bill of Materials (SBOM) in SPDX format. Using standard OSS tooling like cosign and jq, you can implement automated integrity gates within CI/CD pipelines or Kubernetes admission controllers (e.g., Kyverno or OPA).
By executing commands such as cosign verify-attestation --type spdx <image_digest> and piping the output to jq for predicate analysis, teams can programmatically verify that the running container exactly matches the hardened manifest produced by the Minimus build pipeline. This ensures that no unauthorized binaries or dependencies have been injected into the software supply chain.
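The predicate analysis described above, as an added example that is not Minimus code: it reads the envelope lines that cosign verify-attestation writes to stdout (signature checking stays with cosign, whose exit status the pipeline must also check). The denied package list, the sample image name and the sample digests are constructed for illustration, and the predicate is assumed to be an SPDX JSON document.

```python
import base64
import json

SPDX_PREDICATE = "https://spdx.dev/Document"  # predicateType cosign uses for --type spdx
DENIED = {"bash", "busybox", "apk-tools", "apt", "dpkg"}  # assumed policy, not from the page


def gate(cosign_output: str, expected_sha256: str) -> list[str]:
    """Return policy violations; an empty list means the image may be admitted."""
    problems, seen = [], 0
    for line in filter(None, map(str.strip, cosign_output.splitlines())):
        envelope = json.loads(line)  # one DSSE envelope per output line
        if envelope.get("payloadType") != "application/vnd.in-toto+json":
            continue
        statement = json.loads(base64.b64decode(envelope["payload"]))
        if statement.get("predicateType") != SPDX_PREDICATE:
            continue
        seen += 1
        # The subject digest is what binds this SBOM to one specific image.
        digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
        if expected_sha256 not in digests:
            problems.append("attestation subject does not match the image digest")
        predicate = statement.get("predicate")
        if not isinstance(predicate, dict):
            problems.append("predicate is not an SPDX JSON document")
            continue
        names = {p.get("name") for p in predicate.get("packages", [])}
        problems += [f"denied package present: {n}" for n in sorted(names & DENIED)]
    if seen == 0:
        problems.append("no SPDX attestation found")  # fail closed
    return problems


def _sample(digest: str, packages: list[str]) -> str:
    """Constructed envelope line shaped like cosign's output (carries no real signature)."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": SPDX_PREDICATE,
        "subject": [{"name": "registry.example/app", "digest": {"sha256": digest}}],
        "predicate": {"spdxVersion": "SPDX-2.3", "packages": [{"name": n} for n in packages]},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json", "payload": payload, "signatures": []})


if __name__ == "__main__":
    d = "a" * 64  # constructed digest
    print(gate(_sample(d, ["nodejs", "libssl3"]), d))
    print(gate(_sample(d, ["nodejs", "bash"]), "b" * 64))
```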
Minimus images are built for Kubernetes, with pre-configured health probes, appropriate default user permissions (non-root), and minimal footprints that reduce node disk pressure and pull times. Smaller images mean faster scaling events and lower egress costs, especially in multi-cloud or edge computing scenarios. Minimus images follow CIS Kubernetes Benchmarks by default, reducing the manual hardening work for the platform team.
Minimus base images are 90–95% smaller and reduce the package count from hundreds to a lean handful of essential libraries. For example, a standard Node.js image drops from around 940MB to 52MB, and a Python image from around 850MB to 48MB, with package counts plummeting from over 400 to fewer than 15.
These reductions translate to immediate operational benefits: significantly faster "cold start" pull times in Kubernetes, lower node disk pressure, and reduced cloud storage and cross-region egress costs. Without unnecessary shells, package managers, and headers, every byte on disk serves a functional purpose, maximizing deployment velocity and resource efficiency.