←back to thread

The Deletion of Docker.io/Bitnami

(community.broadcom.com)
329 points zdkaster | 7 comments | 28 Aug 25 04:37 UTC | HN request time: 0.84s | source | bottom
1. morellonet ◴[28 Aug 25 12:56 UTC] No.45051606[source]
If you’re looking for an alternative here, we (the team that built Twistlock) launched Minimus a few months ago to provide near zero CVE images built continuously from source. We have long experience in this space (we even wrote NIST SP 800-190) and I’d love to talk if we could help anyone. We also have drop in replacement images and charts for Bitnami, as we describe here: https://www.minimus.io/post/the-bitnami-pricing-changes-what...

If anyone has tech questions about how it all works, tools we use, customer scenarios, etc I’d be happy to discuss.

replies(4): >>45052737 #>>45053063 #>>45053091 #>>45054839 #
2. CubsFan1060 ◴[28 Aug 25 14:38 UTC] No.45052737[source]
The main question as always is price. I was also interested in things like Chainguard and Docker secure images until I had a sales call with them and found out the price.

I can’t seem to find the price anywhere on your site… I assume the reason for that is that it’s also nearly impossible for a non-fortune 500 to afford?

replies(1): >>45054537 #
3. mdaniel ◴[28 Aug 25 15:00 UTC] No.45053063[source]
Please offer an implementation of the docker-credential helper, just like chainguard does with docker-credential-cgr[1], and don't put throwaway text that says "docker supports credential stores, so good luck to you" on your website https://docs.minimus.io/foundations/authentication#using-a-c...

1: https://edu.chainguard.dev/chainguard/chainguard-images/chai...

replies(1): >>45054591 #
4. mdaniel ◴[28 Aug 25 15:03 UTC] No.45053091[source]
Also, this form is nonsensical https://www.minimus.io/get-started#signup-form because it distinguishes between "Individual" and "Organization" but then Company is a mandatory field. Maybe just go ahead and label it "Lead Gen / Ask For A Demo"
5. morellonet ◴[28 Aug 25 17:08 UTC] No.45054537[source]
Nope - we're early stage so we're really flexible not just on pricing but licensing terms too. We have many customers that are smaller startups, not just typical F500 types.
6. morellonet ◴[28 Aug 25 17:13 UTC] No.45054591[source]
It's on the roadmap :)

It's a good feature, just hasn't been prioritized so far because customers haven't really had trouble with the current basic approach.

7. carrodher ◴[28 Aug 25 17:36 UTC] No.45054839[source]
Let me rewrite the comparison used in the "Example: Using Bitnami vs. Minimus" section of the blog post:

Using Bitnami Secure Images: You pull a versioned PostgreSQL image built on a minimal-attack-surface OS (Photon). When a CVE is disclosed or a new upstream version is released, Bitnami’s automation takes care of everything: a new container image (and Helm chart, if applicable) is built, tested, and published to your registry within hours. All you need to do is update to the latest version; no manual CVE monitoring, triage, or patching required.