What can you say about long-term plans? The bitnami situation burned a lot of people I think, and yes we can cache your images, but switching providers still does not come for free.
Hello John, happy to hear that the image is free to the community, what a great contribution. May I know what is the underlying method to build the distroless image? Chainguard recently delete most of the cloud native application in their community repository, and I'm figuring how to get away from wolfi melange and apko. My closest bet is nix pkgs, but it would be great if you can share what you are using in Minimus :)
Asking the very obvious question (as it's not apparent from the website): Why would I use this over DHI (Docker Hardened Images) or Chainguard Images, both of which also have a set of free hardened images?
Since we started paying for Chainguard I’ve become super sold on the benefits of minimal and continually patched images. It’s just a shame that the open source community only gets to benefit from the limited free library DHI and Chainguard offer. I understand it costs money though and that needs to come from somewhere.
Completely blocking the image information page to mobile user agents is completely unnecessary. I'd much rather look at your non optimized page than be told to come back on desktop.
Moreover, even after switching to desktop mode on my phone, there's nothing I see that precludes you from employing a little bit of CSS to make those pages render more nicely on mobile screens.
I have no idea what the heck is this, maybe it’s a great product but a very poor website in telling what I am getting into, is this better than the usual containers? How? Supported platforms? Can I run it on arm? The usuals
I truly don't get this. What is the security policy here? Why should I trust images built by minimus.io? How do I know they don't contain malicious software? What's the point?
In the risk reduction tab, it should compare the vulnerability count against the node-slim image. In my eyes, it takes away from the offering when they try to prop up the vuln count for the official images, and nobody deploys `node:latest`.
I'm interested in using these images on exe.dev. exe supports any oci images and stands it up as a microvm, in which it would be used non-ephemerally from that point. I'm assuming the images don't have any rc/services. How hard would it be to pull that back in after image deployment? (Also looks like I'd want to use the -dev images which include shell/apk, etc)
Thank you for this! Super valuable for contribution to all businesses. Suppose I want to add a custom PHP extension such as NewRelic, how would I go about adding that on your distroless images?
used bitnami images and charts that depended on them, then they pulled them back after being bought by broadcom causing headaches. not getting bit by the rugpull again sorry.
29 comments
[ 2.8 ms ] story [ 52.1 ms ] threadMoreover, even after switching to desktop mode on my phone, there's nothing I see that precludes you from employing a little bit of CSS to make those pages render more nicely on mobile screens.
- Chainguard Images
- Chainguard Libraries
- Chainguard VM
...
With Minimus Community Edition, you now have access to 1,000s of built from source, near 0 CVE images without cost or friction
Edit: honestly I'm flagging this post. This really looks like fishing for customers to make them vulnerable in future.
An easy comparison is wolfi, which is completely open source.