New York, United States, June 08, 2026 (GLOBE NEWSWIRE) — Minimus today announced the general availability of two new capabilities that help organizations secure software dependencies and manage custom container images as code: Minimus Supply Chain Protection and minicli.
Minimus Supply Chain Protection addresses the challenge of securely using the tens of millions of packages from the application package universe. These packages have thousands of interwoven dependencies, are often maintained by a single developer, and are updated far less frequently than operating system packages. Existing approaches to securing these packages, such as malware scanning and building from source, are limited in coverage and scale given the size and complexity of the ecosystems.
Minimus Supply Chain Protection instead acts as a policy enforcement layer that sits between developers and public package repositories, allowing organizations to evaluate, control, and audit application dependencies before they are consumed by developers or CI/CD pipelines. A risk score for each package is assembled through an evaluation of package metadata, including commits, popularity, and use of a cooling-off period. Minimus provides default policies based on these risk factors, while exposing the underlying controls for teams that want to configure their own thresholds, allowlists, and blocklists.
Implemented as a pull-through proxy for NPM and PyPI, Supply Chain Protection operates with no impact on the developer experience, while giving security and platform teams visibility into package usage and the ability to enforce package trust policies across environments.
Customers can build multiple configurations with varying risk tolerance for environments and teams with different security priorities. Supply Chain Protection is supported by Minimus Actions, allowing customers to be notified of policy violations with varying enforcement levels and severities. A full audit log of policies and their impacts is available in a unified view across the platform.
Minimus minicli allows Minimus customers both to extend the visibility of custom images to their own local terminals and to manage the full recipe for those images as code. With minicli, customers can view and manage existing private images, inspect custom image structures including additional packages, file bundles, and environment variables, export and version-control image configurations as YAML files, and trigger and monitor new image builds.
This enables teams to integrate image management into existing Git-based workflows and CI/CD pipelines, bringing the same automation and change control used for application and infrastructure code to custom container images. minicli is available to download publicly via API for macOS and Linux on amd and arm platforms.
Minimus Supply Chain Protection and minicli are both available now. When combined with Minimus Images, which already remove 98%+ of vulnerabilities in container base images, customers can now apply consistent security controls across both the OS package layer and the application dependency layer. They can also manage the full recipe for those builds as code, fitting into any and all technology stacks that use container images.
For more information, visit minimus.io.
About Minimus
Founded in October 2022 by Ben Bernstein, Dima Stopel, and John Morello, Minimus radically reduces cloud software vulnerabilities. As the pioneers of container security with Twistlock and author of NIST SP 800-190, Minimus solves the endless treadmill of cloud software vulnerabilities by simply preventing 98% of them from ever existing, delivering a modern foundation for secure container software, open source container security, and software supply chain security.
Minimus builds images from scratch, directly from upstream project sources, with only the minimal software needed to run the app, dramatically reducing their attack surface. Minimus images are drop-in replacements for the apps organizations are already using and are deployed with single-line configuration file changes, providing nearly instant time to value. Minimus eliminates time-consuming and low-value remediation work for devs, is easy for ops to deploy and manage using their existing tools, and provides security with remarkably clear risk reduction. Minimus raised a $51M seed round from YL Ventures and Mayfield.