It is built on the security-first pipeline behind Project Hummingbird’s existing container catalog, with the foundational project itself being something Red Hat introduced as an early access program for subscribers back in November 2025.
The main idea behind the project is to ship a catalog of minimal, hardened, distroless container images kept at near-zero CVE status. When a vulnerability gets patched upstream, the build pipeline finds it, rebuilds the affected image, and ships it.
Fedora Hummingbird is applying the same logic but to a full-size operating system, using a Konflux-based build pipeline, drawing over 95% of packages from Fedora Rawhide.
Awesome. Is there anything like this for Debian?
Not out of the box
Right now all the container-bootc stuff is mostly centered in the redhat/fedora ecosystem. But I think people are working on generalizing things. Take a look at blue-build.org, I recall they were working on supporting other distros