Red Hat has announced the launch of Project Hummingbird, an early access program aimed at providing its subscription customers with a catalog of minimal, hardened container images. The initiative is designed to help IT organizations address the increasing need for secure software delivered quickly, while minimizing attack surfaces.
Gunnar Hellekson, vice president and general manager of Red Hat Enterprise Linux at Red Hat, stated: “The speed of business today depends on the speed of software. As supply chain attacks grow in prominence, organizations are often forced to choose between moving fast and maintaining security posture. Project Hummingbird is designed to remove that trade-off by providing a minimal, trusted, and transparent zero-CVE foundation for building cloud-native applications. This limits vulnerabilities so development and IT security teams have a clear, direct path to business value with speed, agility, security, and peace of mind.”
Project Hummingbird offers a collection of micro-sized container images that are built using Red Hat’s trusted build system. These images include recent versions of programming languages and runtimes such as .Net, Go, Java, Node; developer databases like mariadb and postgresql; web servers and proxies including Nginx and caddy; as well as other foundational components needed for modern application stacks.
The images are stripped of non-essential components to reduce their size and potential attack vectors. According to Red Hat, these images are shipped with “Zero-CVE” status—meaning they contain no known vulnerabilities—and have undergone functionality testing to ensure they remain useful and stable in production environments.
Red Hat notes that Project Hummingbird also provides complete software bill of materials (SBOMs) with each image. This feature enables users to verify image contents for compliance requirements.
While full production support will be available to subscription customers once Project Hummingbird becomes generally available, unsupported versions will be freely available for redistribution. This model follows the approach used for other Red Hat offerings such as the Universal Base Image (UBI). The project uses an open source development process based on Fedora Linux components.
Red Hat emphasizes its experience in delivering enterprise-grade open source technologies over more than three decades. The company highlights that effective “Zero-CVE” solutions require not just vulnerability-free components but also integration capabilities suited for complex environments.
More information about Project Hummingbird can be found on Red Hat’s official channels.
