New container build platform replaces Kaniko with enterprise-grade security, 100% backward compatibility, and 90% attack surface reduction
RapidFort, the leader in end-to-end security for the global software supply chain, today announced the release of the Kimia open source project, a next-generation, daemon-less container build system, developed in collaboration with SOSi. Kimia is the natural successor to Kaniko—which is no longer maintained—and delivers 100% backward compatibility for Kaniko users while dramatically improving performance and security.
As organizations look for a secure, actively maintained alternative to Kaniko, Kimia steps in to fill the gap. Building on Kaniko’s innovation of removing Docker daemon dependencies, Kimia adds enterprise-grade security features and complete Dockerfile support. While maintaining Kaniko’s ease of use, Kimia introduces true rootless operation and real-time Software Bill of Materials (SBOM) generation, giving teams a secure, compliant, and efficient build pipeline for modern cloud environments. By running entirely as a non-root process and using minimal Linux capabilities (SETUID and SETGID), Kimia provides complete privilege isolation through user namespaces and is fully compliant with the Kubernetes Pod Security Standards “Restricted” policy.
“Kaniko solves a critical challenge for developers, building containers securely without privileged mode,” said George Manuelian, Chief Strategist at RapidFort. “With Kimia, we take that foundation further by embedding attestation, signing, and continuous validation directly into the build process, transforming container builds into verifiable, supply chain–secure operations.”
Key highlights of Kimia include:
- Drop-in replacement for Kaniko
- Reproducible builds: Ensures consistent, bit-for-bit identical outputs
- Image Signing: Cryptographic signatures for verification
- Attestation (SBOM & Provenance)
  - SBOM: Lists all software components in the image
  - Provenance: Documents how/when/where the image was built
“Collaborating on Kimia reinforces our commitment to advancing secure, modern software delivery,” said Kyle Fox, Chief Technology Officer at SOSi. “Kimia gives our teams — and the customers we serve — a hardened, fully verifiable build process with strong attestation that finally closes long-standing gaps in supply-chain security. It offers a seamless path forward for organizations that need both speed and compliance.”
Kimia is available immediately for download from ghcr.io, and organizations currently using Kaniko can migrate within minutes using existing configurations. For detailed migration guides, documentation, and deployment examples, visit https://us01.rapidfort.com/docs/smithy or the project’s GitHub repository at https://github.com/rapidfort/kimia.
About RapidFort
RapidFort delivers a modern software supply chain security platform built to help organizations ship safer software with less overhead. Its curated near-zero-CVE container images, automated vulnerability remediation, runtime intelligence, and built-in hardening tools reduce noise, shrink attack surfaces, and keep applications secure from build to production.
With a free tier and community-maintained images, RapidFort makes secure development accessible to teams of any size. Learn more at rapidfort.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20251203753390/en/
Contacts
Cole Christy
LaunchTech Communications
619-972-9836
cole@golaunchtech.com
