by morellonet 3 hours ago
It’s a library of near 0 CVE images available to use for free. Think Docker Hub, just without vulnerabilities.

They’re all normal, OCI compliant images. You can pull them, run them, and build on them like you would any other image.

arm64 and amd64 builds for everything

1 comment

> just without vulnerabilities

You surely mean "without known and reported vulnerabilities". I doubt you're proactively fixing the world across thousands of software packages /s

Correct, we are not claiming to be auditing the source of every software package in the world. The value we provide is a minimalistic architecture so you start with a significantly smaller attack surface and continuous builds of upstream so you stay at a near 0 CVE state without the substantial work required to do so yourself. Basically, we help you get all the upstream fixes from across the OSS ecosystem as quickly, safely, and easily as possible.