At Red Hat Summit 2026, a groundbreaking new distribution took the stage: Fedora Hummingbird. This container-based rolling release promises to bring the latest software to users faster than ever while maintaining exceptional security. Built on the principles of Project Hummingbird, it extends the distroless, vulnerability-free model from containers to the entire operating system. Whether you're a developer seeking cutting-edge tools or an enterprise prioritizing security, Fedora Hummingbird offers a fresh approach. Let’s dive into eight essential facts that define this innovative release.
1. What Is Fedora Hummingbird?
Fedora Hummingbird is a rolling Linux distribution that leverages container-like image-based workflows. Unlike traditional distributions, it boots directly from immutable images—similar to how containers work—and can run on bare metal, virtual machines, or in the cloud. The core idea is to strip away unnecessary components, leaving only what's essential. This approach not only reduces the attack surface but also ensures that updates are atomic and reliable. By combining the rolling release model with distroless principles, Fedora Hummingbird delivers the freshest software without the usual overhead or security baggage.
2. The Zero-CVE Mission of Project Hummingbird
Project Hummingbird, the foundation behind Fedora Hummingbird, has a single ambitious goal: eliminate every Common Vulnerability and Exposure (CVE) from its images and keep them at zero. This drives every architectural decision—from using distroless images and minimizing package footprints, to implementing hermetic builds and automation. The result? When you pull a Hummingbird image, you skip the nightmare of CVE triage, patching, and rebuilding. The team’s pipeline handles all that work, leaving you with a clean, secure starting point. Real-time CVE status is published live on the Hummingbird catalog.
3. Distroless Images: Why Less Is More
Distroless images are a cornerstone of Fedora Hummingbird. These images contain only the application and its absolute runtime dependencies—no package manager, no shell, no extra utilities. By stripping away unnecessary components, the attack surface shrinks dramatically. Fewer packages mean fewer potential vulnerabilities to track and patch. This philosophy extends from individual container images all the way to the host OS itself. The result is a lean, hardened system where each component is carefully curated. For developers, this means less time managing dependencies and more time building robust applications.
4. A Growing Catalog of Hardened Images
Over the past eight months, the team has built an impressive catalog of 49 unique minimal, distroless container images, covering popular runtimes like Python, Go, Node.js, Rust, Ruby, OpenJDK, .NET, and databases such as PostgreSQL and nginx. With 157 variants—including FIPS-compliant and multi-architecture versions—there’s an image for almost any workload. Each image undergoes continuous vulnerability scanning, ensuring that even as new CVEs emerge, the pipeline automatically rebuilds and ships patched versions. This catalog is a testament to the scalability of the Hummingbird approach.
5. How the Pipeline Keeps Images Secure
Behind the scenes, a Konflux-based pipeline orchestrates the entire build and update process. It uses fully isolated, reproducible builds with pinned package lists to ensure consistency. For efficient updates, the team developed a tool called chunkah, which downloads only the changed parts of an image—saving bandwidth and time. Continuous vulnerability scanning via Syft and Grype catches issues immediately. When an upstream patch is released, the pipeline detects it, rebuilds the affected images, runs tests, and pushes the update—all automatically. This infrastructure is what enables the zero-CVE promise.
6. Integration with Fedora Rawhide and Upstream
A remarkable aspect of Fedora Hummingbird is its tight integration with Fedora Rawhide. Over 95% of packages in every Hummingbird image are sourced directly from Rawhide without modification. For the remaining 5%, where Rawhide either doesn’t carry a package or the version isn’t fresh enough, the pipeline pulls directly from upstream sources. The team actively contributes its changes back to Fedora, strengthening the ecosystem. This symbiotic relationship ensures Hummingbird stays cutting-edge while remaining part of the Fedora family—similar to Fedora CoreOS but optimized for a different use case.
7. Immediate Availability and Usage
Fedora Hummingbird isn’t a distant concept—it’s already shipping. The foundation images are available right now from the Hummingbird containers repository. You can pull and boot them immediately, experiencing the distroless, rolling-release model firsthand. This early availability allows developers and sysadmins to test the waters, integrate with existing workflows, and provide feedback. The rolling nature means you’ll always have the latest software, but with the peace of mind that the pipeline has already done the security heavy lifting. Check out the Hummingbird catalog for current images.
8. The Future of Rolling Distributions
Fedora Hummingbird represents a paradigm shift in how we think about operating systems. By applying the container-based, image-first model to the entire OS, it challenges the traditional package-manager-centric approach. The combination of rolling updates, distroless minimalism, and automated CVE remediation could become the gold standard for secure, agile computing. As the project matures, we can expect even more images, deeper hardware support, and tighter integration with cloud-native tools. For anyone tired of vulnerability fatigue, Fedora Hummingbird offers a compelling glimpse into a future where the OS is as secure and up-to-date as the applications it runs.
Fedora Hummingbird isn’t just another Linux distribution—it’s a proof of concept that security and velocity can coexist. By extending the zero-CVE model of Project Hummingbird to the full operating system, it sets a new benchmark for what a rolling release can be. Whether you’re a developer eager to experiment or an enterprise seeking to minimize risk, Fedora Hummingbird deserves your attention. The images are ready, the pipeline is humming—why not give it a try?