Minimal CVE Hardened Container Images for Enhanced Security
By
ritvikarya98
Summary
The article describes a GitHub project called 'minimal' that provides production-ready container images with minimal CVEs (Common Vulnerabilities and Exposures). The images are rebuilt daily using Chainguard's apko and Wolfi packages, so they carry far fewer known vulnerabilities than traditional container images. For example, while a traditional image such as debian:latest may ship with 127 CVEs that take about 30 days to patch, these minimal images typically carry 0-5 CVEs, patched in under 48 hours. The project includes language-specific images such as Python and publishes a live vulnerability report that is updated on every build.
Key quotes
Production-ready container images with minimal CVEs, rebuilt daily using Chainguard's apko and Wolfi packages.
Container vulnerabilities are a top attack vector. Most base images ship with dozens of known CVEs that take weeks or months to patch.
Traditional images — debian:latest — 127 CVEs, patched in ~30 days
Minimal images — minimal-python — 0-5 CVEs, patched in <48 hours
rtvkiz.github.io/minimal — live vulnerability report, updated on every build
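To make concrete what "built with apko from Wolfi packages" means, here is an added illustration of a minimal apko definition for a Python image. It is not the project's own configuration (that lives in its repository); the package list, the nonroot uid/gid of 65532 and the two architectures are assumptions.

```yaml
# Added example: apko image definition for a minimal Python image (assumed values).
# Only the packages listed here (plus their dependencies) end up in the image,
# which is what keeps the CVE count small: no shell, no package manager, no
# distro utilities to accumulate findings in the daily scan.
contents:
  repositories:
    - https://packages.wolfi.dev/os            # Wolfi package repository
  keyring:
    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub   # verifies package signatures
  packages:
    - ca-certificates-bundle                    # TLS roots for outbound HTTPS
    - python-3.12                               # assumed package name for the interpreter

accounts:
  groups:
    - groupname: nonroot
      gid: 65532                                # assumed; matches the distroless convention
  users:
    - username: nonroot
      uid: 65532
      gid: 65532
  run-as: nonroot                               # the container never runs as root

entrypoint:
  command: /usr/bin/python3

archs:
  - x86_64
  - aarch64
```

Rebuilding this definition on a schedule pulls in whatever Wolfi has patched since the last run, which is how a fix can land in the image within hours rather than waiting for a distribution point release.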