Product

Ginger OS: purpose-built for securely deploying long-running server applications

What is Ginger OS?

Ginger OS is an immutable, Unix-based operating system for deploying hardened microVMs. Composed of fewer than 20 files, it delivers a minimal attack surface: every executable is known, every process is authorized, and a security daemon verifies system integrity every minute. The result is a verifiable security posture you can explain to an auditor in one conversation.

  • Provable least privilege - Every file is audited, not just sampled.
  • Phishing resistance - The system runs autonomously without user login.
  • Continuous attestation - All userspace executables are scanned and verified every minute.
  • Flexible deployment options - AWS EC2 and KVM/QEMU are officially supported. Let us know if you need something else.

Runtime Architecture

Once deployed, the on-VM security daemon sends signed measurements to the Appraiser every minute.

Ginger VM
Your Application
Ginger Security Daemon
Scheduled Security Report
Ginger Appraiser
Known-Good Baselines

How the Ginger Toolchain Works

Use gingervm to build hardened microVM images and deploy them to your infrastructure.

Configure

Configure your application

Enumerate your application's files and dependencies in our configuration file format. The toolchain uses the configuration to determine exactly what gets included in the VM disk images.

Build

Build the VM image with your binaries

Run gingervm image version create to produce a reusable disk image. The toolchain copies your binary into a minimal Ginger OS filesystem. It hashes every executable and uploads the known-good list to the Ginger Appraiser, then writes a bootable disk image.

Deploy

Build the deployment disk

Run gingervm server deployment create. This builds a deployment disk containing the configuration files for the binaries in your image version disk.

How Attestation Works

An appraisal is one security scan of one running server. Appraisals run every minute, automatically.

Pro plan deployments report to Ginger's central Appraiser. If you need to run your own Appraiser on-premise, request more information about an Enterprise Site License.

Build

Establish the security baseline

When you build a VM image, the Ginger Toolchain creates a known-good baseline using file hashes.

Scan

Scan all executables every minute

The on-VM attestation daemon measures every executable file and generates a cryptographic report.

Appraise

Report measurements to the Appraiser

The report is securely transmitted to the Ginger Appraiser where it is verified against the known-good image.

Audit

Audit your security posture anytime

Ginger keeps your latest appraisal and your most recent failure. At any moment you can show auditors, customers, or your team that your servers are running exactly what they should be.

Ready to see it in action?

Book a 30-minute demo and we'll walk through a live deployment.

Schedule a Demo See pricing

Copyright © 2026 | Ginger Cybersecurity LLC | All Rights Reserved

Privacy Policy / Cookie Policy / Terms and Conditions