Micro-sized container images, built by Red Hat’s trusted build system and delivered as a component of a Red Hat subscription, intend to reduce attack surfaces and strengthen software supply chain confidence

Red Hat, the world's leading provider of open source solutions, today announced Project Hummingbird, an early access program for Red Hat subscription customers that provides a catalog of minimal, hardened container images. Project Hummingbird is designed to help IT organizations address the constantly growing demand for better software with minimal attack surfaces, delivered more swiftly without compromising production security.

IT leaders frequently face a critical trade-off between application velocity and systems security. Time-to-market defines the modern application landscape, especially as AI-assisted and -generated coding tools accelerate development cycles, but this speed can run counter to the realities of managing multi-faceted, complicated software components. This seemingly leaves CIOs with two choices: Moving at the speed of business while balancing potential production systems risks, or being overcautious to the point of losing to competitor’s innovations.

Project Hummingbird addresses the dueling needs of speed and risk mitigation with a catalog of tested, micro-sized container images stripped of non-essential components, including:

• The latest languages and runtimes such as .Net, Go, Java, Node and more.
• Critical developer databases like mariadb and postgresql.
• Web servers and proxies with Nginx, caddy and others.
• Along with many other foundational components for modern application stacks.

By offering these leaner, production-ready images, Project Hummingbird intends to reduce the time and effort spent on package integration and vulnerability management, freeing up resources to focus on faster, more effective innovation.

Project Hummingbird strives to provide:

• “Zero-CVE” status, meaning that Project Hummingbird images are shipped free of known vulnerabilities with functionality testing already completed, confirming that the images are also genuinely useful and stable.
• A curated, production-ready catalog of the minimal, hardened containers most requested by Red Hat customers, giving developers only what they truly need to create differentiated applications, along with a smaller attack surface.
• Complete software bill of materials (SBOMs), enabling users to verify the contents of an image to help meet modern compliance requirements.
• Full production support will be available to subscription customers when Project Hummingbird is released for general availability. This delivers the full extent of a Red Hat subscription, providing access to Red Hat's hardened, documented software supply chain and deep enterprise expertise.

Additionally, unsupported Project Hummingbird images will be freely available and redistributable at general availability, alongside following a similar model to other Red Hat offerings including Red Hat Universal Base Image (UBI). Project Hummingbird is built using the open source development process, originating from Fedora Linux components. Fedora Linux serves as the upstream source for Red Hat Enterprise Linux development.

For more than 30 years, Red Hat has delivered hardened, production-ready open source technologies to global organizations across industries. “Zero-CVE” status is meaningless if the components do not work in complex environments, are difficult to integrate, or simply are not what developers need. Red Hat understands the nuances of running open source code on critical systems, and that deep enterprise expertise is the backbone of Project Hummingbird.

Supporting Quote

Gunnar Hellekson, vice president and general manager, Red Hat Enterprise Linux, Red Hat

"The speed of business today depends on the speed of software. As supply chain attacks grow in prominence, organizations are often forced to choose between moving fast and maintaining security posture. Project Hummingbird is designed to remove that trade-off by providing a minimal, trusted, and transparent zero-CVE foundation for building cloud-native applications. This limits vulnerabilities so development and IT security teams have a clear, direct path to business value with speed, agility, security, and peace of mind."

Additional Resources

• Learn more about Project Hummingbird
• Find out more about Red Hat Enterprise Linux

Connect with Red Hat

• Learn more about Red Hat
• Get more news in the Red Hat newsroom
• Read the Red Hat blog
• Follow Red Hat on X
• Follow Red Hat on Instagram
• Watch Red Hat videos on YouTube
• Follow Red Hat on LinkedIn

About Red Hat, Inc.

Red Hat is the open hybrid cloud technology leader, delivering a trusted, consistent and comprehensive foundation for transformative IT innovation and AI applications. Its portfolio of cloud, developer, AI, Linux, automation and application platform technologies enables any application, anywhere—from the datacenter to the edge. As the world's leading provider of enterprise open source software solutions, Red Hat invests in open ecosystems and communities to solve tomorrow's IT challenges. Collaborating with partners and customers, Red Hat helps them build, connect, automate, secure and manage their IT environments, supported by consulting services and award-winning training and certification offerings.

Forward-Looking Statements

Except for the historical information and discussions contained herein, statements contained in this press release may constitute forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are based on the company’s current assumptions regarding future business and financial performance. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially. Any forward-looking statement in this press release speaks only as of the date on which it is made. Except as required by law, the company assumes no obligation to update or revise any forward-looking statements.

Red Hat, Red Hat Enterprise Linux, the Red Hat logo and OpenShift are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the U.S. and other countries. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251119120973/en/

Red Hat's Project Hummingbird addresses the dueling needs of speed and risk mitigation with a catalog of tested, micro-sized container images stripped of non-essential components.