Modern applications aren’t built from scratch. Rather, they’re built with pre-defined building blocks to reduce the time and effort required to ship a usable product. However, these building blocks are often riddled with unnecessary, vulnerable components that trigger and multiply security alerts wherever they are used.

Today, we’re excited to announce our partnership with Minimus, a company tackling this pervasive security issue at the source by making secure, minimal container images.

A brief introduction to Minimus

Minimus delivers distroless container images that contain only the necessary components to run your application. This effectively reduces the size of container images, simplifies dependency management and developer flows, and reduces CVEs by 95%. Minimus containers ship with application-specific security hardening, and are continuously updated to align with evolving benchmarks and threat intelligence.

To support remediation of remaining CVEs, Minimus integrates threat intelligence by combining data from the Exploit Prediction Scoring System (EPSS), the CISA Known Exploited Vulnerabilities (KEV) catalog, and its own security research efforts. When new CVEs are identified, automated actions can also be triggered to alert teams and drive speedy remediation.

Minimus continuously monitors upstream projects, and rebuilds images from source upon upstream changes, ensuring that updates are published rapidly—usually within hours of a vulnerability being fixed upstream. 

Zero in on high impact remediation with Minimus and Orca

Orca delivers comprehensive, agentless-first visibility into every layer of your cloud estate—including cloud configurations, host OSes, container images, Kubernetes clusters, open-source components, and more. Orca customers now have full visibility into Minimus images, including metadata, vulnerabilities, and critical security context across related attack paths that threaten those workloads, including Agentless Reachability Analysis. Together, Minimus’ reduced attack surface and Orca’s comprehensive visibility home in on the vulnerabilities that matter most, unlocking high-impact remediation and better ROI for security teams.

Orca and Minimus make it easy for organizations to achieve full stack compliance for the entire application. Minimus images have built-in conformance to FedRAMP, DoD SRG, and CIS Benchmarks. In the Orca Platform, customers can select from nearly 200 customizable compliance frameworks and CIS benchmarks to enable fast, effective reporting across their entire cloud estate, including Minimus images.

About the Orca Cloud Security Platform

Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection. 

Learn More

Interested in discovering the benefits of the Orca Platform and how it can be integrated with tools like Minimus? Schedule a personalized 1:1 demo, and we’ll show how you can use Orca to identify, prioritize, and remediate risks in your cloud environment.