2026 WINNER · CYBERSECURITY STARS AWARDS

Minimus Platform · Hardened Container Images

Most Innovative DevSecOps Platform
Company: Minimus
Location: United States
Team Size: 50 - 99 employees
01

Overview

Founded in October 2022 by Ben Bernstein, Dima Stopel, and John Morello, Minimus radically reduces cloud software vulnerabilities. As the pioneers of container security with Twistlock and authors of NIST SP 800-190, Minimus solves the endless treadmill of cloud software vulnerabilities by simply preventing them from ever existing, delivering a modern foundation for secure container software, open source container security, and software supply chain security with near-zero CVEs.

Minimus builds images from scratch, directly from upstream project sources, with only the minimal software needed to run the app, dramatically reducing their attack surface. Minimus images are drop-in replacements for the apps organizations are already using and are deployed with single-line configuration file changes, providing nearly instant time to value. Minimus eliminates time-consuming and low-value remediation work for devs, is easy for ops to deploy and manage using their existing tools, and provides security with remarkably clear risk reduction.

02

Key Capabilities

Minimus is purpose-built to meet the needs of enterprise security teams and the pace of fast-moving developers – providing minimalistic container and VM images, and eliminating over 97% of Common Vulnerabilities and Exposures (CVEs) from software supply chains. With a single change to deployment configurations, organizations can realize an immediate decrease in vulnerability exposure, vastly accelerating remaining remediation efforts.

Key features include:

  • Hardened Image Gallery: thousands of images with near-zero CVEs compared to public container images. The gallery offers images that contain only the software users need to run their application, with no added bloat; images for every use (LLM, app development, cloud native infrastructure); and FIPS 140-3, STIG, NIST and CIS ready images for sensitive workloads.
  • FedRAMP Compliance: Minimus container images are hardened to industry standards, making compliance easy to achieve and demonstrate. This includes FIPS 140-3 and STIG-ready images; images and applications hardened to CIS and NIST benchmarks; and native compliance dashboards and audit-ready reporting.
  • Custom Image Creation: users can configure their own hardened container images, with Minimus taking care of all updates and maintenance. Users build atop Minimus' thousands of secure base images and customize packages, files and certificates as needed, while Minimus handles all automated updates under its SLAs.

As a result, organizations realize the following benefits:

  • Developers can trust the compatibility and features of Minimus images, which are built directly from upstream project source repositories. Each image contains a signed SBOM of each component.
  • Operations teams can be confident that Minimus images work seamlessly with existing infrastructure and pipelines because they are standard OCI images deployed and managed with standard tools. In most cases, users only need to change a single line in a Kubernetes deployment to start using Minimus images. Additionally, Minimus integrates with existing tools like Jira, GitHub, Slack, and webhooks, simplifying alerts and automation.
  • Security teams immediately reduce risk in their environment by reducing over 97% of vulnerabilities. Minimus integrates threat intelligence so that organizations can easily prioritize those few remaining vulnerabilities, and has full support for self-hosting images, including air-gapped architectures.

03

How we are different

Minimus' OCI-compliant images include only the essential packages needed to run a given application. They are the exact same bits already running for common cloud apps like Nginx, Postgres, Go, Traefik, and hundreds more. What makes them special is what they don't include. For instance, typical container images are built on general-purpose base layers often containing dozens of packages not needed to run an app. Minimus takes the opposite approach, building images from scratch with only the bits required. This results in vast reductions in attack surface and fewer vulnerabilities.

While traditional approaches require organizations to constantly detect, triage, and remediate vulnerabilities, with Minimus organizations are simply not affected by more than 97% of the vulnerabilities that impact typical images. Only Minimus drastically reduces security risks and the amount of work and time teams spend managing cloud vulnerabilities.

Minimus container images are also publicly available on Iron Bank, the U.S. Department of Defense's central repository for hardened container images. Federal agencies, government contractors, and systems integrators can now streamline their path to obtaining an Authority to Operate (ATO), achieve FedRAMP compliance, and align effortlessly with stringent government security standards.
