Minimus Adds VEX Support and Microsoft SSO Integration to Hardened Images Service
Mike Vizard explains how Minimus’ updated service now helps DevSecOps teams with VEX support, secure Helm charts for Kubernetes, compliance dashboards, and Microsoft SSO integration, enhancing application security workflows.
Minimus has expanded its managed service for application developers with several major security and compliance enhancements:
Key Updates at a Glance
- VEX (Vulnerability Exploitability eXchange) Support:
  - The service now includes support for the VEX format, allowing DevSecOps teams to better share vulnerability and exploitability data between security tools and platforms.
- Hardened Helm Charts for Kubernetes:
  - Minimus provides hardened Helm charts aligned to Center for Internet Security (CIS) and NIST best practices, helping teams deploy applications on Kubernetes clusters with robust security controls such as enforced role-based access restrictions and the principle of least privilege.
- Compliance Dashboards:
  - New dashboards and views enable teams to monitor security posture, compliance status, and threat data in real time. These views support operational awareness and help with regulatory requirements.
- Microsoft Single Sign-On (SSO) Integration:
  - An integration with Microsoft SSO streamlines authentication for development teams and aligns with enterprise security standards.
Benefits for DevSecOps and Security
- Operationalization:
  - The enhancements make it easier for DevSecOps teams to adopt and operationalize hardened images, reducing manual work while improving adherence to best practices.
- Supply Chain Security:
  - By using curated and continuously vetted images along with secure Helm charts, teams lower the risk of introducing vulnerabilities: security is built in from the source rather than relying on scanning after the fact.
- Threat Intelligence Monitoring:
  - Minimus incorporates continuous threat intelligence monitoring, giving application developers up-to-date insights into emerging risks.
- Addressing Alert Fatigue:
  - Built-in vetting of artifacts and clear VEX data help DevSecOps teams focus on real issues, avoiding overwhelming alert volume.
Implementation Notes
- In-house repositories and manual artifact scanning are still possible, but Minimus’ automated approach aims to free up development time for building features rather than maintaining custom security infrastructure.
- Secure provisioning via Helm charts, aligned to industry standards, ensures deployment configurations follow least privilege and role-based access control principles.
Industry Significance
With supply chain attacks on the rise and attackers targeting developer tooling and artifact repositories, these updates help organizations move from reactive vulnerability scanning toward proactive, controlled software supply chains.
Further Reading:
This post appeared first on “DevOps Blog”.