Achieving a 0-CVE OS for VMs: The End of Traditional Patching
Summary
The article explores achieving a zero-known-CVE VM image posture by using RHEL image mode to create immutable, easily updatable VM images. It covers architecture choices, tooling (bootc-image-builder, digestbot), and a rollback-friendly workflow to boost confidence in updates and security across VM workloads.