Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
APACHE-2.0 License
Bot releases are hidden (Show)
Published by kcq 9 months ago
build
command flags (--include-dir-bins
and --include-ssh-client
).images
command to list container images.xray
.xray
command reports to include object type information.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
Published by kcq 9 months ago
See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
Published by kcq 9 months ago
mondel
.mondel
event capture to prevent event data loss on sensor shutdown.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
Published by kcq 9 months ago
vulnerability
command and the epss
subcommand to lookup EPSS scores for vulnerabilities.registry server
command to have a local OCI registry (thank you Sarvesh Raj, @sarveshraj, for your contribution!).registry push
command to push local images to a registry.images
command to list container images.registry pull
command to pull images from authenticated registries.quiet
mode improvements (WIP) to hide the standard execution context output when it's enabled.quiet
mode for the images
command.images
, registry
and vulnerability
commands and a couple of global flags.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
Published by kcq 10 months ago
registry image-index-create
command to create multi-architecture images.images
command to list container images.mondel
events with timestamps and sequence numbers.Build them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq 12 months ago
control
commands to control sensor execution when running in the standalone mode (first command: stop-target-app
).xray
- detect system identities (users, groups) and their properties (--detect-identities
flag, enabled by default).build
- Keep the OS/libc zoneinfo data (--include-zoneinfo
flag, disabled by default).build
/profile
- Mon(itor) Data Event Log (aka mondel
) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel
main app flag, --mondel
/-n
sensor flag(s)).target-app-running
sensor lifecycle hook.build
/profile
: --env-file
to load env vars from a file.build
/profile
: basic input validation to ignore malformed env var data for the --env
flag.build
: Using internal output image builder by default (--image-build-engine
flag)Dockerfile.fat
to Dockerfile.reversed
(the reversed Dockerfile is also saved with the old name for backward compatibilityBuild them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq 12 months ago
control
commands to control sensor execution when running in the standalone mode (first command: stop-target-app
).xray
- detect system identities (users, groups) and their properties (--detect-identities
flag, enabled by default).build
- Keep the OS/libc zoneinfo data (--include-zoneinfo
flag, disabled by default).build
/profile
- Mon(itor) Data Event Log (aka mondel
) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel
main app flag, --mondel
/-n
sensor flag(s)).target-app-running
sensor lifecycle hook.build
/profile
: --env-file
to load env vars from a file.build
/profile
: basic input validation to ignore malformed env var data for the --env
flag.build
: Using internal output image builder by default (--image-build-engine
flag)Dockerfile.fat
Dockerfile.reversed
Build them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq about 1 year ago
prompt
mode for the target, namespace, pod and session flagsdebug
command terminal that runs as if you are connected directly to the target image you are debugging (enabled by default)debug
commanddebug
command sessionsdebug
command flags (see README)debug
commanddebug
command bug fixesBuild them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq over 1 year ago
debug
commandappbom
command in the main app and --appbom
flag in the sensormerge
command to merge two container images (optimized to merge two minified images)debug
command flagsdebug
commandBuild them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq over 1 year ago
build
command flag to prevent the vulnerability scanners from discovering the metadata they need to identify the vulnerabilities (--obfuscate-metadata
) inspired by the Malicious Compliance
KubeCon EU 2023 talkBuild them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq over 1 year ago
build
command (--include-workdir
)Build them from source or download from a CDN location:
docker pull dslim/slim
Published by kcq over 1 year ago
--image-build-engine
, --image-build-arch
parameters)Build them from source or download from a CDN location:
Published by kcq almost 2 years ago
Build them from source or download from a CDN location:
Published by kcq about 2 years ago
debug
commandhttp-probe-exec
and http-probe-exec-file
to be host-exec
and host-exec-file
(breaking change)Build them from source or download from a CDN location:
Published by kcq over 2 years ago
--include-node-package
)--include-app-next-*
)--include-app-nuxt-*
)--rta-source-ptrace
)Build them from source or download from a CDN location:
Published by kcq over 2 years ago
--container-probe-compose-svc
flag and container.probe
continue-after mode)--target-compose-svc-image
flag)--http-probe-start-wait
flag)--compose-svc-start-wait
flag)registry
command and a basic pull
subcommand--include-new
build flag to keep new files created by target during dynamic analysisslim.config.json
sensor-ipc-mode
and sensor-ipc-endpoint
flags for build
and profile
)include-cert-all
build flag enabled by defaultBuild them from source or download from a CDN location:
Published by kcq almost 3 years ago
Build them from source or download from a CDN location:
Published by kcq almost 3 years ago
--registry-account
, --registry-secret
, --docker-config-path
flags)dep-include-target-compose-svc-deps
, compose-env-nohost
, compose-env-file
, compose-workdir
, compose-project-name
)delete-generated-fat-image
flag to cleanup the non-optimized images when docker-slim
builds images from source/Dockerfilemaintainer
info collection for xrayBuild them from source or download from a CDN location:
Published by kcq about 3 years ago
Build them from source or download from a CDN location:
Published by kcq about 3 years ago
Build them from source or download from a CDN location: