We did this because we believe this market is becoming more about the integration and enterprise capabilities rather than just selling the images. The more people know about, use, and benefit from the images the more…
Correct they do not have any rc I’m not personally familiar with exe.dev but if it can run normal OCI images it should be pretty simple to use ours. If you want a shell and package manager and some common busybox…
Depends on your preferences but probably easiest approach is to take the -dev version of our PHP image and run a build from that to add whatever you need on top of that hardened base. You can even do a multi step build…
Even the :latest is something of a wish :) You may / may not be surprised how many enterprises still run long ago EOL'd versions of various stacks, frequently on full blown OS base layers of similar vintage
Yep, these are just normal OCI compliant images served from a normal OCI compliant registry. You can cache them however you'd like.
No rate limiting or degradation of service for Community Edition. Same images, same registry as Enterprise Edition.
Free markets work :) With Minimus Community Edition, you now have access to 1,000s of built from source, near 0 CVE images without cost or friction
Correct, we are not claiming to be auditing the source of every software package in the world. The value we provide is a minimalistic architecture so you start with a significantly smaller attack surface and continuous…
Sure, but you could make the same argument for literally any software that you're getting that was built by someone else and have not personally inspected each line of source in. For example, you could make the same…
Not sure what you mean here. We have many enterprise customers, in industries including government, health care, financial services around the world. The whole value of the product is helping them avoid all the risk and…
1. Distroless base. Imagine an effectively empty filesystem that only includes the components needed to run the app. The package manager we use is apk from Alpine and we make our full package universe of >10,000…
Also note that one of the features of Enterprise Edition is our integrations with Slack, email, GitHub, webhooks, etc. This enables really simple but powerful notification and automation scenarios based on image fixes…
We build all these images directly from upstream source across thousands of projects and assemble them into standard OCI images for you. We do this continuously, every time there are new versions released upstream. The…
It’s a library of near 0 CVE images available to use for free. Think Docker Hub, just without vulnerabilities. They’re all normal, OCI compliant images. You can pull them, run them, and build on them like you would any…
Re 3, one of the features in Enterprise Edition is integrations with Slack, GitHub, webhooks, etc. a key use case is getting a push notification (or even triggering automation) when an image you’re using gets an update.…
Fair complaint. As with all software development we make tradeoffs to try to balance time and capability. I’ll make sure our front end lead see this though :)
This is exactly why we’ve made Community Edition free. The value of hardened, well maintained images to the world writ large is huge. We believe there is sufficient value to enterprises in the SLAs and broader feature…
Totally get it… practically if you don’t want to have to deal with constantly updating images you have to have some degree of trust in whomever you get them from… that said, we try to be as transparent as possible with…
Not sure what you mean… we have more images than DHI, we have FIPS images available freely, and all our images are built from source on a distroless base. These are just objective facts. The build from source on…
Certainly something we can add, just not something any customers have wanted thus far. reg.mini.dev is really a front end to Google Artifact Registry which already supports v6. I opened an issue for our devops team to…
Currently, yes free as in beer. We build every component directly from source in a SLSA 3 environment we run (mostly in GCP). Making the Dockerfiles available is a fair question, not something we’ve done thus far…
We would be happy to sell it to you today! :) This is our new Community Edition, which are all the exact same images as the Enterprise Edition product customers around the world already use, just without all the other…
One of those is the image, one is a Helm chart using that image. The chart has an label and icon for chart but obviously we need to make this clearer :) Thanks for the feedback!
We build anytime any component within an image has a new upstream version. If there’s no new upstream versions, no reason to build. Check out the changelog tab in each image listing and you can see exactly when and why…
1. These are all >1200 of our images, including FIPS, and all versions… others gate many of their images 2. These are all built continuously from upstream source on a distroless base… this makes a significant difference…
We did this because we believe this market is becoming more about the integration and enterprise capabilities rather than just selling the images. The more people know about, use, and benefit from the images the more…
Correct they do not have any rc I’m not personally familiar with exe.dev but if it can run normal OCI images it should be pretty simple to use ours. If you want a shell and package manager and some common busybox…
Depends on your preferences but probably easiest approach is to take the -dev version of our PHP image and run a build from that to add whatever you need on top of that hardened base. You can even do a multi step build…
Even the :latest is something of a wish :) You may / may not be surprised how many enterprises still run long ago EOL'd versions of various stacks, frequently on full blown OS base layers of similar vintage
Yep, these are just normal OCI compliant images served from a normal OCI compliant registry. You can cache them however you'd like.
No rate limiting or degradation of service for Community Edition. Same images, same registry as Enterprise Edition.
Free markets work :) With Minimus Community Edition, you now have access to 1,000s of built from source, near 0 CVE images without cost or friction
Correct, we are not claiming to be auditing the source of every software package in the world. The value we provide is a minimalistic architecture so you start with a significantly smaller attack surface and continuous…
Sure, but you could make the same argument for literally any software that you're getting that was built by someone else and have not personally inspected each line of source in. For example, you could make the same…
Not sure what you mean here. We have many enterprise customers, in industries including government, health care, financial services around the world. The whole value of the product is helping them avoid all the risk and…
1. Distroless base. Imagine an effectively empty filesystem that only includes the components needed to run the app. The package manager we use is apk from Alpine and we make our full package universe of >10,000…
Also note that one of the features of Enterprise Edition is our integrations with Slack, email, GitHub, webhooks, etc. This enables really simple but powerful notification and automation scenarios based on image fixes…
We build all these images directly from upstream source across thousands of projects and assemble them into standard OCI images for you. We do this continuously, every time there are new versions released upstream. The…
It’s a library of near 0 CVE images available to use for free. Think Docker Hub, just without vulnerabilities. They’re all normal, OCI compliant images. You can pull them, run them, and build on them like you would any…
Re 3, one of the features in Enterprise Edition is integrations with Slack, GitHub, webhooks, etc. a key use case is getting a push notification (or even triggering automation) when an image you’re using gets an update.…
Fair complaint. As with all software development we make tradeoffs to try to balance time and capability. I’ll make sure our front end lead see this though :)
This is exactly why we’ve made Community Edition free. The value of hardened, well maintained images to the world writ large is huge. We believe there is sufficient value to enterprises in the SLAs and broader feature…
Totally get it… practically if you don’t want to have to deal with constantly updating images you have to have some degree of trust in whomever you get them from… that said, we try to be as transparent as possible with…
Not sure what you mean… we have more images than DHI, we have FIPS images available freely, and all our images are built from source on a distroless base. These are just objective facts. The build from source on…
Certainly something we can add, just not something any customers have wanted thus far. reg.mini.dev is really a front end to Google Artifact Registry which already supports v6. I opened an issue for our devops team to…
Currently, yes free as in beer. We build every component directly from source in a SLSA 3 environment we run (mostly in GCP). Making the Dockerfiles available is a fair question, not something we’ve done thus far…
We would be happy to sell it to you today! :) This is our new Community Edition, which are all the exact same images as the Enterprise Edition product customers around the world already use, just without all the other…
One of those is the image, one is a Helm chart using that image. The chart has an label and icon for chart but obviously we need to make this clearer :) Thanks for the feedback!
We build anytime any component within an image has a new upstream version. If there’s no new upstream versions, no reason to build. Check out the changelog tab in each image listing and you can see exactly when and why…
1. These are all >1200 of our images, including FIPS, and all versions… others gate many of their images 2. These are all built continuously from upstream source on a distroless base… this makes a significant difference…