Getup Cloud

Secure images from the build.
No CVEs, with signature,
SBOM, and provenance.

Catalog of auditable, production-ready, and secure-by-default images from build. From languages like Node, Java, and .NET, to infrastructure components like Istio, Prometheus, NGINX, and ArgoCD.

LEARN MORE

Who trusts Getup

Inherited trust is
blind trust!

Inherited trust is blind trust!

The problem goes beyond known vulnerabilities. It lies in the images and components you run without knowing who built them, with what, and why.

You trust it because "it's the standard." But without traceability, there is no safety, only habit.

Image without CVEs ≠ Ready
for production

Image without CVEs ≠ Ready for production

A “zero-CVE” image means nothing if:

You don't know how it was built

The foundation comes from a place you do not control

Missing signature or SBOM

It includes packages that your application doesn't even use

It is not enough to be "CVE-free." A secure image needs to be auditable and traceable.

What criteria define a

production-ready image?

Criterion

Traditional image

Getup Image

Attack surface (CVEs)

Hundreds of CVEs, increasing daily.

CVEs resolved in the base,

daily.

Base provenance

Unknown origin, without governance or traceability

Built with total control and guaranteed traceability.

Image signature

Absent.

Signed with Cosign.

SBOM

Non-existent or incomplete.

Complete SBOM integrated into the build process.

Minimum runtime

Generic packages, shells, and toolchains included.

Minimal image: only what is necessary for safe execution.

This comparison shows the criteria we use at Getup to ensure secure images;

control, traceability, and continuous updates right from the build.

This comparison shows the criteria we use at Getup to ensure secure images;
control, traceability, and continuous updates right from the build.

Secure your spot in the

early access program!

Secure your spot in the
early access program!

Security starts at the first build!

At Getup, these criteria are not theoretical ideals; they are the foundation of what we deliver.

Images are automatically rebuilt every day with upstream fixes applied to the base. The process is reproducible and auditable — ensuring that today's image is identical to tomorrow's, with total traceability.

our build process guarantees

Fixes applied in the build

Minimal, regularly updated images to deliver virtually zero CVEs and a drastically reduced attack surface from day one.

Automatic and daily builds

Updates applied automatically based on upstream changes; no scripts, no manual intervention.

Integrated SBOM, signing, and provenance

Each image includes SBOM and provenance history, ready

for audit at any

time.

Mirror for your registry, with webhook support

Images can be mirrored to your registry. A webhook notifies your pipeline when a new version with security fixes is available.

SLA for critical and high vulnerabilities

Corrections applied in up to 7 days, with deadlines guaranteed by enterprise-level SLAs.

All of this done in the build — without relying on alerts or manual fixes.

Start with images

ready for production!

Start with images

ready for production!

We are running early access with companies that want to stop reacting to alerts and start running trusted images, right from the source.

by participating, you:

Eliminates the burden of managing

CVEs.

Reduces friction with audits and the supply chain.

Collaborates directly with our engineering team.

You have access to exclusive conditions in the first year.

Social