Most teams manage infrastructure and application code through Git-based workflows. Why should container images be any different? minicli lets you manage image recipes as YAML, version control them in Git, and integrate image management into existing CI/CD workflows.

As AI makes vulnerability research faster and more scalable, security teams will need better ways to consume fixes, reduce attack surface, and keep pace with change. Check out the full webinar: buff.ly/ml7sBtf

A lot of container security work is really just ongoing maintenance work. Minimus eliminates as much of that operational burden as possible, so teams spend less time building images, patching vulnerabilities, preparing for audits, and coordinating fixes. Learn more:

Platform teams spend a surprising amount of time managing container image maintenance instead of building infrastructure that moves the business forward. This blog breaks down 3 ways hardened images help platform teams save time across engineering, security, and compliance:

The EU Cyber Resilience Act has a detail that catches a lot of teams off guard: scope is determined by where your customers are. If EU customers download or deploy your software, you're in scope. Learn more: buff.ly/gFnddzw #CyberResilience #ContainerSecurity #CRA #DevSecOps #SoftwareSupplyChain

What security controls should every organization have in place for their containerized environments? Keep watching: buff.ly/kP1USUo

The best metrics for your container security program depend on why you're moving into a containerized workload environment. Watch the full video here, where we break down how to plan and run a container security program: buff.ly/jmREXYL

What happens when AI can autonomously chain zero-days across major operating systems and browsers? Join us for a technical discussion on what Anthropic’s Claude Mythos preview means for defenders, attackers, and the future of application security. 🎟️ Save your spot: buff.ly/srlUQA7

Historically, some vulnerabilities were so difficult to find that only nation-state level attackers could realistically exploit them. John Morello and Bruce Schneier discuss whether AI could fundamentally change that and how we can defend against it. Watch the full video: buff.ly/Ckn237P

Good sessions end at 5. Good conferences don't. 😉 Edera + @minimus.io are hosting Sprout & Sip at Minneapolis' Flora Room, May 19, 6:30 PM. Drinks, bites, real conversations. Space is limited. edera.link/sprout-sip

When will AI's ability to fix vulnerabilities catch up to its ability to find vulnerabilities? Chenxi Wang and John Morello talk about the limits of AI when it comes to fixing vulnerabilities. Watch the full video: buff.ly/kDV6XW4

Containers are not a security boundary by definition. In this clip, Neil Carpenter breaks down the differences between containers and virtual machines and why configuration management matters in containerized environments. Watch the full video: youtu.be/CDy-QEeJJic?...

Public images often take months, or even years, to remediate known vulnerabilities. Minimus images reduce that window to days, helping teams spend less time patching & more time shipping secure software. Learn how MTTR impacts container security and why faster remediation matters:

Good drinks, better company. We're co-hosting Sprout & Sip with our friends at Edera on May 19 in Minneapolis. Join us at the Flora Room for an evening of cocktails and open source convos. 🌸 Register: buff.ly/1nlIfi5 #OpenSourceSummitNA #OpenSource

Your scanner flagged 847 vulnerabilities. Now what? Most teams are drowning in vulnerability reports, but few understand how those findings are actually generated. Join us on May 14 to learn how container scanners work, how to read CVE bulletins, and how to validate results. :

John Morello and Bruce Schneier sat down last week to talk about AI, the rise of "instant software", and how tools like Claude Mythos are changing vulnerability discovery. Watch the full video: buff.ly/zzqvIMX Read Bruce’s original essay that inspired this conversation: buff.ly/O0NOGkh

In a post-Mythos era, AI can now chain exploits in hours rather than weeks. You can’t keep up by patching. The only scalable answer is to start with without. ZERO IS A HERO. buff.ly/JckEQz9

Minimus images are OCI compliant, built from upstream source, drop-in replacements for the container images you're using today - with 97% fewer CVEs, out of the box. Watch the full video: buff.ly/6Hd6RRh

People always ask about our 98% CVE reduction number. Here's how we actually do it. Full video: buff.ly/rcjPPY3

AI is accelerating vulnerability discovery, but the real problem hasn’t changed: volume. Neil breaks down the reality behind AI-driven vulnerability discovery and what defenders should do when they can't patch everything: buff.ly/vdbuGCq @neilcar.bsky.social

Building a CIS compliant container image isn’t the hard part. Maintaining compliance across container environments as dependencies grow, base images change, and new CVEs emerge is where most teams struggle. Here's what continuous CIS hardening looks like, and how Minimus helps: buff.ly/BPWXGM1

John Morello explains how Minimus works with Merge Ready. Swap your base image, drop your CVE count - it's as simple as that. Full video: buff.ly/fSH3aW1

Open source powers everything, and securing it is a shared responsibility. Kat Cosgrove talks about why giving back isn’t optional, and how we’re doing our part with free access to Minimus hardened images for eligible projects: buff.ly/FJv0Y2M Watch the full video: buff.ly/bux07Dt @kat.lol

A lot of security gaps come down to lack of visibility. The Minimus Activity Log gives teams a clear audit trail of platform access, token changes, and custom image activity, making it easier to investigate issues, maintain accountability, and stay ahead of risk:

We break down container runtimes, static vs. dynamic binaries, and how to avoid runtime failures before they hit production:

A lot's happened since trivy v0.69.4 last week: 🗓️ Mar 22: malicious v0.69.5 + v0.69.6 pushed to docker hub 🗓️ Mar 22: teamPCP defaced all 44 repos in aqua's github org 🗓️ Mar 23: Checkmarx KICS GitHub Actions and few OpenVSXPlugins were affected 🗓️ Mar 24: LiteLLM compromised on PyPI 👇

Most teams don't know what's actually in their container images. Minimus shows you how many packages are in your image and what vulnerabilities they're carrying. 📦️ public node image = 500+ packages. 📦️ Minimus node = 15. = 97% package reduction, 100% fewer CVEs. Full breakdown: buff.ly/sEVwkny

One week. Two events. A lot of great conversations. Thanks to everyone who stopped by, said hi, and took a shot at the dart board 🎯 We’ll see you at the next one! #Minimus #KubeConEU #RSAC

📸 Tiny prints, big week. That's a wrap on KubeCon EU - we had a great time! If you’re at RSAC, today’s your last chance to come by booth # S-1061. The Mini Cooper is still up for grabs! Stop by to beat our current DART high score 🎯🚗 #RSAC #RSAC2026

We actually can be in two places at once… Can you guess which is our RSAC booth and which is our KubeCon booth? If you’re at either event, come find us: 📍 RSAC: Booth # S-1061 📍 KubeCon: Booth # 940 + 🎯 Space # 340 #KubeConEU #RSAC #ContainerSecurity #Cybersecurity

Step 1: Focus 🎯 Step 2: Trust yourself Step 3: Win a Mini Cooper 🚗 The previous competition winner makes it look easy. Catch us at KubeCon EU booth # 340 + RSAC # S-1061 to take your shot. #KubeConEU #RSAC #Minimus

Minimus has two booths at #KubeCon - Come say hi! 📍 Booth # 940 - Hang out and talk container security and minimal, hardened images. 🎯 Activation Zone # 340 - Play our DART Challenge: Winner takes home a brand new car!

If you are at Kubecon and think farts are funny, I have a VERY limited number of @minimus.io whoopie cushions available!

If you maintain an open source project, we want to support you. We’re excited to launch our Open Source Program, providing access to our secure, minimal images free of charge to eligible projects. Apply or get more information here: buff.ly/dbV6OQm #OpenSource #ContainerSecurity @kat.lol

Had a great time at Open Source Security Con today! Come see us tomorrow at KubeCon - Booth # 940

It’s a big week for Minimus! We won 3 Global InfoSec Awards 🏆 🏅 Market Leader: Container Security 🏅 Market Disruptor: Cybersecurity Startup 🏅 Editor’s Choice: Software Supply Chain Security We’re grateful for the recognition and for the teams building with us!

Using Trivy? v0.69.4 was compromised in a supply chain attack. We break down what happened and what to do if you’re affected: buff.ly/3Pr1qjF

Another event, another Mini Cooper giveaway! That's right - we're bringing the Minimus DART Challenge to KubeCon AND RSAC next week, and someone's leaving with a car! Come see us at RSAC booth S-1061 / KubeCon booth 940 🎯 🚙 #KubeCon #RSAC #Cybersecurity #ContainerSecurity #CloudSecurity

Can't wait for KubeCon EU next week! We're at booth 940 - don't forget to stop by.

I'm very lucky that @minimus.io considers the work I do for Kubernetes to be part of my job. That isn't true for most maintainers. Projects are failing or suffering attacks because of a lack of contributors from companies built on top of them, and that's *everyone's* problem. dev.to/katcosgrove/...

Heading to RSAC next week? Join us for a panel lunch, The Cyber Wok 🍜, on Tuesday, March 24. We'll have two panels discussing AI agents, autonomous security, and the risks security leaders are watching next. Spots are limited, so request your seat soon: buff.ly/LjAgEE6 #RSAC #RSA #RSAC2026

With RSAC and KubeCon EU coming up, some people are brushing up on Kubernetes and threat models... 🎯 Others are training for the Minimus Double DART Challenge. 🚙🏆 Get ready for your chance to win a custom Mini Cooper! #KubeConEU #RSAC #RSA #KubeCon #CloudNativeCon

🍻 Heading to KubeCon Europe? Join us Monday, March 23rd at Tulips & Taps, a happy hour at the iconic Heineken Brewery. Get some drinks, bites, and a chance to connect with the cloud native community before the week kicks off. Register here: buff.ly/SsMDlHg #KubeCon #CloudNativeCon #Kubernetes

We did it at KubeCon NA - Now we’re bringing it back! Get ready for the Minimus Double DART Challenge at RSAC and KubeCon EU 2026! The highest individual score across both events wins a custom Mini Cooper 🚙 So the question is simple: Will RSA or KubeCon have better aim? #KubeConEU #RSAC

🎤 Looking for something fun to add to your #RSAC schedule? Join us for Secure the Mic, an invite-only karaoke night. No pitches (just vocal ones). No presentations (except your best power ballad). Just good music and good company: buff.ly/XKSy4lJ

CVEs are inevitable. Slow remediation doesn’t have to be. In this post, we show how Minimus detected a Go vulnerability (CVE-2025-22872), updated the vulnerable module, rebuilt the package, and published a new image, all in under 12 hours:

🏆 Big news heading into RSAC! Minimus is proud to be named a finalist for Best Application Security Solution in the 2026 SC Trust Awards: buff.ly/9wZhEdc Looking forward to seeing everyone at RSAC Conference when the winners are announced! #SCAwards2026 #RSAC2026

🎯 Start practicing your aim, #KubeConEU and #RSAC 📍 Two conferences. 🏆️🚙 One Mini (Cooper) Prize. See you at there!

👀 A package update. A vulnerability fix. Full advisory history. Minimus' detailed changelogs let you drill into exactly what changed, what was impacted, and whether you want to pull the update. That’s how agile security should work.

Minimal images reduce more than vulnerabilities. They reduce storage, transfer costs, CI/CD time, and operational overhead across every environment. This post breaks down the additional benefits: