Security in depth. From the immutable root filesystem to the signed container registry, every layer of the stack is hardened by default.
Lock it down.
Read-Only Root. The VayuOS root filesystem is mounted read-only. No persistence means attackers cannot install rootkits.
Immutability →Isolation. Default profiles strictly limit the syscalls that containers can make. Minimize the attack surface area.
Profiles Guide →Vulnerability Checking. Automated scanning of running containers and host packages against the latest CVE databases.
Scanner Setup →