python
Dev
docker pull reg.mini.dev/python
Updated 2 days ago
NIST-800-190
NIST Compliance
100%
Passed
Scan Date
Image Tag
Checks
Analyzed: 5
Passed: 5
Failed: 0
NIST-800-190 - Section 3.1 (Image Risks)
Image vulnerabilities
NIST ID: 3.1.1
Status: Passed
Notes
Minimus continuously rebuilds images with the latest patched components to support a smooth update process for containers. Vulnerability fixes are applied daily to deliver the most secure versions of each image.
Image configuration defects
NIST ID: 3.1.2
Status: Passed
Notes
Minimus images are configured to comply with multiple industry standards. Minimus images undergo automated configuration checks as part of the build pipeline and the results are delivered in a dedicated compliance report per image. Minimus validates least-privilege user settings and other security configurations. Minimus images are also minimal and distroless to ensure that unnecessary packages are not installed in the container, further reducing potential configuration risks.
Embedded malware
NIST ID: 3.1.3
Status: Passed
Notes
Minimus builds its images from MinimOS packages built directly from source and manages its own internal CI/CD pipelines to protect against embedded malware. The provenance of all image components is validated and verified according to SLSA L3 requirements.
Embedded clear text secrets
NIST ID: 3.1.4
Status: Passed
Notes
Minimus images are built directly from source and include no secrets of any kind. No passwords, GitHub tokens, X.509 keys, or any other secrets are stored in Minimus images.
Use of untrusted images
NIST ID: 3.1.5
Status: Passed
Notes
Minimus images and SBOM attestations are signed using the Sigstore toolchain and can be verified by Cosign to protect against the use of untrusted images.
Section 3.2 - 3.5 (Other Risks)
Additional checks
Sections 3.2 through 3.5 cover risks that are out of scope for the image level. They involve risks at the registry, orchestrator, host OS, and container runtime environment levels. Compliance must be configured and validated by operators in the deployed environment, registry, etc.
Status: Out of scope