slim

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

APACHE-2.0 License

Stars
19.3K
Committers
69

slim - Improved xray and build, new Docker Engine version support (Latest Release)

Published by kcq 9 months ago

New Features

  • New build command flags (--include-dir-bins and --include-ssh-client).
  • Simple images command to list container images.

Improvements

  • OCI image format support in xray.
  • Improved xray command reports to include object type information.

Bug Fixes

  • Fixes and dependency updates to support the new Docker Engine version (25.x).

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

slim - Sensor artifact post-processing bug fix

Published by kcq 9 months ago

Bug Fixes

  • Sensor artifact (post-)processing bug fix for additional PT generated artifacts.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

slim - Enhanced Monitor Data Event Log (mondel)

Published by kcq 9 months ago

Improvements

  • Added command parameter information to process events in mondel.
  • Enhanced mondel event capture to prevent event data loss on sensor shutdown.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

New Features

  • New vulnerability command and the epss subcommand to look up EPSS scores for vulnerabilities.
  • Simple registry server command to have a local OCI registry (thank you Sarvesh Raj, @sarveshraj, for your contribution!).
  • Simple registry push command to push local images to a registry.
  • Simple images command to list container images.
  • RPM packaging for the apps (thank you Rohan Jamadagni, @Rohansjamadagni, for your contribution!)

Improvements

  • Enhanced registry pull command to pull images from authenticated registries.
  • quiet mode improvements (WIP) to hide the standard execution context output when it's enabled.
  • quiet mode for the images command.
  • Interactive prompt updates to include the images, registry and vulnerability commands and a couple of global flags.
  • Monitor Data Event Log (mondel) enhancement to improve the write path.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

New Features

  • Simple registry image-index-create command to create multi-architecture images.
  • Simple images command to list container images.

Improvements

  • Improved ptmon syscall handling.
  • Enhanced mondel events with timestamps and sequence numbers.
  • Extra docker socket validation checks.
  • Version info on exit/failure.
  • Temp container cleanup improvements.
  • ARM image build scripts for the containerized distribution.

Bug Fixes

  • Websocket http probe bug fix.
  • Various ptmon bug fixes.

Binaries

Build them from source or download from a CDN location:

New Features

  • Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
  • xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
  • build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
  • build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

  • target-app-running sensor lifecycle hook.
  • build/profile: --env-file to load env vars from a file.
  • build/profile: basic input validation to ignore malformed env var data for the --env flag.
  • build: Using internal output image builder by default (--image-build-engine flag)
  • Renamed the reverse engineered Dockerfile from Dockerfile.fat to Dockerfile.reversed (the reversed Dockerfile is also saved with the old name for backward compatibility)

Bug Fixes

  • Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

New Features

  • Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
  • xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
  • build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
  • build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

  • target-app-running sensor lifecycle hook.
  • build/profile: --env-file to load env vars from a file.
  • build/profile: basic input validation to ignore malformed env var data for the --env flag.
  • build: Using internal output image builder by default (--image-build-engine flag)
  • Renamed the reverse engineered Dockerfile from Dockerfile.fat to Dockerfile.reversed

Bug Fixes

  • Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

slim - Improved `debug` command with new capabilities and enhanced UX

Published by kcq about 1 year ago

Improvements

  • Auto-complete in the interactive prompt mode for the target, namespace, pod and session flags
  • Interactive debug command terminal that runs as if you are connected directly to the target image you are debugging (enabled by default)
  • Basic sessions for debug command
  • Ability to show logs for the existing debug command sessions
  • More debug command flags (see README)
  • README docs updates for the debug command

Bug Fixes

  • Many debug command bug fixes

Binaries

Build them from source or download from a CDN location:

New Features

  • Kubernetes runtime support for the debug command
  • appbom command in the main app and --appbom flag in the sensor
  • merge command to merge two container images (optimized to merge two minified images)

Improvements

  • More debug command flags
  • README docs for the debug command
  • Ability to detect the Docker Desktop unix socket
  • Code and logging cleanup

Bug Fixes

  • Sensor volume fix for sensor symlinks (to address the Homebrew installed problems with sensor)
  • Various dependency updates to get security fixes

Binaries

Build them from source or download from a CDN location:

Improvements

  • New experimental build command flag to prevent the vulnerability scanners from discovering the metadata they need to identify the vulnerabilities (--obfuscate-metadata) inspired by the Malicious Compliance KubeCon EU 2023 talk

Bug Fixes

  • HEALTHCHECK instruction decoding enhancements to handle the data generated by buildah
  • fsutil format string bug fix

Binaries

Build them from source or download from a CDN location:

Improvements

  • New include flags for the build command (--include-workdir)
  • Debug/trace logging improvements

Bug Fixes

  • yes :)

Binaries

Build them from source or download from a CDN location:

New Features

  • Base image metadata for xray
  • Basic support for multiple image build engines (--image-build-engine, --image-build-arch parameters)

Improvements

  • Dockerfile reverse engineering updates
  • buildkit Dockerfile instruction support
  • name change

Bug Fixes

  • many :)

Binaries

Build them from source or download from a CDN location:

slim - Sensor quality/testability enhancements and bugfixes

Published by kcq almost 2 years ago

Binaries

Build them from source or download from a CDN location:

New Features

  • Experimental debug command
  • JSON console output format

Improvements

  • refactored http-probe-exec and http-probe-exec-file to be host-exec and host-exec-file (breaking change)

Bug Fixes

  • many :)

Binaries

Build them from source or download from a CDN location:

New Features

  • Experimental Node.js package include flag (--include-node-package)
  • Experimental Next.js (React.js) app include flags (--include-app-next-*)
  • Experimental Nuxt.js (Vue.js) app include flags (--include-app-nuxt-*)
  • Ability to disable the ptrace data source (--rta-source-ptrace)

Improvements

  • Various monitoring engine enhancements

Bug Fixes

  • HEALTHCHECK instruction handling fix

Binaries

Build them from source or download from a CDN location:

slim - Improved compose support

Published by kcq over 2 years ago

New Features

  • Container probe feature to use one of the compose services to test/probe the target container (--container-probe-compose-svc flag and container.probe continue-after mode)
  • Ability to override the container image name and/or tag when targeting a compose service (--target-compose-svc-image flag)
  • Ability to wait before executing the HTTP probes (--http-probe-start-wait flag)
  • Ability to wait before starting each compose service (--compose-svc-start-wait flag)
  • Basic FastCGI protocol support in HTTP probes (docs TBD)
  • New registry command and a basic pull subcommand
  • --include-new build flag to keep new files created by target during dynamic analysis
  • Support for stored global param in slim.config.json

Improvements

  • Improved containerized CI/CD environments support (sensor-ipc-mode and sensor-ipc-endpoint flags for build and profile)
  • Docker host detection improvements
  • Target container IP detection improvements
  • Not minifying onbuild base images by default
  • Not minifying already minified images
  • Cleanup container resources on exit
  • include-cert-all build flag enabled by default
  • Propagate logging flags to sensor
  • Not using default http probe if custom probes are already defined
  • Many compose related enhancements (volume lookup enhancements, compose image detection and error handling, etc)
  • Various monitoring engine enhancements
  • Migrate from urfave/cli/v1 to urfave/cli/v2
  • Dockerfile reverse engineering enhancements (HEALTHCHECK instruction support, improved RUN instruction reversing when ARGs are also used)

Bug Fixes

  • Volume mounting bug fixes for compose

Binaries

Build them from source or download from a CDN location:

slim - Improved container analysis and compose support

Published by kcq almost 3 years ago

New Features

  • Install command / docker cli plugin install option (preview version)

Improvements

  • Container and compose link handling enhancements
  • Volume mounting enhancements
  • Static analysis improvements
  • Symlink handling improvements for builds
  • Collecting file check filesystem activity
  • Entrypoint/cmd override handling improvements

Bug Fixes

  • Volume mounting bug fixes for compose

Binaries

Build them from source or download from a CDN location:

slim - Improved docker-compose support, other enhancements and bug fixes

Published by kcq almost 3 years ago

New Features

  • Ability to pull images from private registries (--registry-account, --registry-secret, --docker-config-path flags)

Improvements

  • Additional flags for compose (dep-include-target-compose-svc-deps, compose-env-nohost, compose-env-file, compose-workdir, compose-project-name)
  • Variable substitution support in compose
  • Detect duplicates by default in xray
  • Resource cleanup when the build command exits
  • delete-generated-fat-image flag to cleanup the non-optimized images when docker-slim builds images from source/Dockerfile
  • Improved maintainer info collection for xray

Bug Fixes

  • Volume mounting bug fixes for compose

Binaries

Build them from source or download from a CDN location:

slim - Experimental docker-compose support for the build command

Published by kcq about 3 years ago

Features

  • Experimental docker-compose support for the build command
  • Include cert flags to make it easier to keep certificate data in the optimized images

Improvements

  • Install script
  • Original image platform information in optimized images

Binaries

Build them from source or download from a CDN location:

slim - Cert detection for xray, various bug fixes and enhancements

Published by kcq about 3 years ago

Features

  • Cert detection for xray

Improvements

  • Add platform information to minified image (from original image)

Bug Fixes

  • Cleanup partially saved images for xray

Binaries

Build them from source or download from a CDN location: