Show HN: Minimal – Open-Source Community driven Hardened Container Images

https://news.ycombinator.com/rss Hits: 8
Summary

Minimal: Hardened Container Images

A collection of production-ready container images with minimal CVEs, rebuilt daily using Chainguard's apko and Wolfi packages. By including only required packages, these images maintain a reduced attack surface and typically have zero or near-zero known vulnerabilities.

Available Images

| Image | Pull Command | Shell | Use Case |
|---|---|---|---|
| Python | docker pull ghcr.io/rtvkiz/minimal-python:latest | No | Python apps, microservices |
| Node.js | docker pull ghcr.io/rtvkiz/minimal-node:latest | Yes | Node.js apps, JavaScript |
| Bun | docker pull ghcr.io/rtvkiz/minimal-bun:latest | No | Fast JavaScript/TypeScript runtime |
| Go | docker pull ghcr.io/rtvkiz/minimal-go:latest | No | Go development, CGO builds |
| Nginx | docker pull ghcr.io/rtvkiz/minimal-nginx:latest | No | Reverse proxy, static files |
| HTTPD | docker pull ghcr.io/rtvkiz/minimal-httpd:latest | Maybe* | Apache web server |
| Jenkins | docker pull ghcr.io/rtvkiz/minimal-jenkins:latest | Yes | CI/CD automation |
| Redis-slim | docker pull ghcr.io/rtvkiz/minimal-redis-slim:latest | No | In-memory data store |
| PostgreSQL-slim | docker pull ghcr.io/rtvkiz/minimal-postgres-slim:latest | No | Relational database |

*HTTPD, Jenkins, Node.js may include shell (sh, busybox) via transitive Wolfi dependencies. CI treats shell presence as informational.

Why This Matters

Container vulnerabilities are a top attack vector. Most base images ship with dozens of known CVEs that take weeks or months to patch:

    Traditional images:        Your containers:
    ┌──────────────────┐       ┌──────────────────┐
    │ debian:latest    │       │ minimal-python   │
    │ 127 CVEs         │       │ 0-5 CVEs         │
    │ Patched: ~30 days│       │ Patched: <48 hrs │
    └──────────────────┘       └──────────────────┘

Impact:

- Pass security audits and compliance requirements (SOC2, FedRAMP, PCI-DSS)
- Reduce attack surface with minimal, distroless images
- Get CVE patches within 24-48 hours of disclosure (vs weeks for Debian/Ubuntu)
- Cryptographically signed images with full SBOM for supply chain security

Quick Start

    # Python - run your app
    docker run --rm -v $(pwd):/app ghcr.io/rtvkiz...

First seen: 2026-01-31 20:42

Last seen: 2026-02-01 03:42