Minimus Announces General Availability of Supply Chain Protection and Minicli

Next Big Future – Quantum | Jun 9, 2026

Key Takeaways

  • Supply Chain Protection adds policy layer for NPM and PyPI packages
  • Risk scores derived from metadata, commits, popularity, cooling‑off period
  • minicli lets teams version‑control container image recipes as YAML
  • Combined with Minimus Images, removes over 98% of container vulnerabilities
  • Minimus raised $51 M seed round from YL Ventures, Mayfield

Pulse Analysis

The software supply chain has become a prime attack vector, with millions of open‑source packages feeding modern applications. Traditional defenses—malware scanning or rebuilding from source—struggle to keep pace with the sheer volume and interdependency of NPM and PyPI libraries. Minimus, a veteran of container security, introduced two services that aim to close this gap: Supply Chain Protection, a policy‑enforcement proxy, and minicli, a command‑line tool that treats container images as code. Together they extend zero‑trust principles from the operating‑system layer down to individual package dependencies.

Supply Chain Protection sits between developers and public registries, assigning a risk score to each artifact based on commit history, popularity metrics, and a configurable cooling‑off period. Organizations can apply default policies or fine‑tune allowlists and blocklists to match their risk appetite, while Minimus Actions push real‑time violation alerts into existing ticketing or SIEM systems. Because the proxy operates transparently, build pipelines see no latency, yet security teams gain full audit trails and the ability to enforce consistent trust standards across development, staging, and production environments.

The companion minicli tool brings container image management into the same Git‑centric workflow that developers already use for code. By exporting image configurations as YAML, teams can version, review, and trigger builds directly from CI/CD pipelines, reducing manual hand‑offs and potential drift. When paired with Minimus Images—which claim to eliminate more than 98 % of known vulnerabilities—the combined stack offers end‑to‑end protection from base‑image hardening to third‑party package vetting. The recent $51 million seed round signals investor confidence that such integrated supply‑chain solutions will become a baseline requirement for cloud‑native enterprises.
