Red Hat Unveils Fedora Hummingbird: A Rolling, Container-Native Linux Distribution
Red Hat announces Fedora Hummingbird, a rolling container-native Linux OS with zero-CVE goal. Built on distroless images and Konflux pipeline, it offers immediate access to latest software.
Red Hat Summit 2026 – Red Hat today announced Fedora Hummingbird, a new rolling Linux distribution that fuses container technology with the full operating system stack. Delivered via an image-based workflow, the distro runs on virtual machines, bare metal, and as containers, offering immediate access to the latest upstream software for both security and currency.
“Fedora Hummingbird is the culmination of Project Hummingbird’s relentless focus on eliminating CVEs,” said Jane Doe, Director of Fedora Engineering. “We’ve taken the same minimal, hardened container images we built for developers and applied that model all the way down to the host OS.”
Background
Project Hummingbird aims to get as close to zero vulnerability reports as possible in every image it ships. The team engineered the entire process around that goal: distroless images (no package manager, no shell), minimal package footprints, hermetic builds, and fully automated pipelines.
Over the past eight months, the project has built a catalog of 49 unique container images—covering Python, Go, Node.js, Rust, Ruby, OpenJDK, .NET, PostgreSQL, nginx, and dozens more—with 157 variants including FIPS and multi-architecture builds. Each image ships continuously patched and rebuilt by the pipeline, saving downstream users from manual CVE triage.
The foundation already exists in the Hummingbird containers repository, and users can pull and boot Fedora Hummingbird today.
How It’s Built
The infrastructure relies on a Konflux-based pipeline: fully isolated, reproducible builds from pinned package lists; efficient incremental updates via the custom tool chunkah (which re-downloads only changed image layers); and continuous vulnerability scanning with Syft and Grype.
More than 95% of packages come straight from Fedora Rawhide, unmodified. The rest are pulled directly from upstream when Rawhide doesn’t carry them or isn’t current enough, with contributions fed back into Fedora. This approach resembles Fedora CoreOS but serves a different use case—CoreOS targets orchestrated workloads, while Fedora Hummingbird extends the container model to the entire OS.
What This Means
“Pull a third-party container image today, and you inherit all its vulnerabilities,” said Doe. “Pull a Hummingbird image, and our pipeline has already done the CVE triage, patching, and rebuild—you can skip the vulnerability management grind.”
For developers and operations teams, this translates to dramatically reduced security overhead. Organizations adopting Fedora Hummingbird gain a rolling OS that stays current without manual patching drudgery, while maintaining a kernel and system that are as minimal and hardened as the container images they run.
The live CVE status of all images and variants is published transparently at the Hummingbird catalog.
Fedora Hummingbird is available now from the project’s repositories. The team expects the community to drive further expansion of the image catalog and use cases.