HeadlinesBriefing.com

Minimal: Open Source Hardened Container Images

Hacker News: Front Page

Minimal, an open-source project, offers a collection of hardened container images. Built with Apko, Melange, and Wolfi packages, these images are rebuilt daily. They are designed to minimize CVEs and reduce the attack surface. The project aims to provide production-ready images that are easily customizable, addressing the need for secure and up-to-date container deployments.

The project addresses the critical need for secure container deployments. Traditional base images often ship with numerous known vulnerabilities that take weeks to patch. Minimal, by contrast, offers rapid patching, often within 24-48 hours. This approach is essential for meeting security audit requirements such as SOC2, FedRAMP, and PCI-DSS, and it provides a safer alternative.

Minimal currently supports several images, including Python, Node.js, Bun, Go, Nginx, and more. The project also offers supply chain security features such as cryptographically signed images with a full SBOM. Users can quickly get started with simple Docker commands, making it easy to integrate these images into existing workflows.

Future goals for Minimal include expanding image support and becoming a community-driven project. The project's structure includes a build pipeline that incorporates package source assembly, verification, and signing. Keyless signing via Sigstore and SBOM generation further enhance security, making the project a valuable tool for developers prioritizing container security.