Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
build
command flags (--include-dir-bins
and --include-ssh-client
).images
command to list container images.xray
.xray
command reports to include object type information.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
mondel
.mondel
event capture to prevent event data loss on sensor shutdown.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
vulnerability
command and the epss
subcommand to lookup EPSS scores for vulnerabilities.registry server
command to have a local OCI registry (thank you Sarvesh Raj, @sarveshraj, for your contribution!).registry push
command to push local images to a registry.images
command to list container images.registry pull
command to pull images from authenticated registries.quiet
mode improvements (WIP) to hide the standard execution context output when it's enabled.quiet
mode for the images
command.images
, registry
and vulnerability
commands and a couple of global flags.See the INSTALLATION
section in the README
: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation
registry image-index-create
command to create multi-architecture images.images
command to list container images.mondel
events with timestamps and sequence numbers.Build them from source or download from a CDN location:
docker pull dslim/slim
control
commands to control sensor execution when running in the standalone mode (first command: stop-target-app
).xray
- detect system identities (users, groups) and their properties (--detect-identities
flag, enabled by default).build
- Keep the OS/libc zoneinfo data (--include-zoneinfo
flag, disabled by default).build
/profile
- Mon(itor) Data Event Log (aka mondel
) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel
main app flag, --mondel
/-n
sensor flag(s)).target-app-running
sensor lifecycle hook.build
/profile
: --env-file
to load env vars from a file.build
/profile
: basic input validation to ignore malformed env var data for the --env
flag.build
: Using internal output image builder by default (--image-build-engine
flag)Dockerfile.fat
to Dockerfile.reversed
(the reversed Dockerfile is also saved with the old name for backward compatibilityBuild them from source or download from a CDN location:
docker pull dslim/slim
control
commands to control sensor execution when running in the standalone mode (first command: stop-target-app
).xray
- detect system identities (users, groups) and their properties (--detect-identities
flag, enabled by default).build
- Keep the OS/libc zoneinfo data (--include-zoneinfo
flag, disabled by default).build
/profile
- Mon(itor) Data Event Log (aka mondel
) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel
main app flag, --mondel
/-n
sensor flag(s)).target-app-running
sensor lifecycle hook.build
/profile
: --env-file
to load env vars from a file.build
/profile
: basic input validation to ignore malformed env var data for the --env
flag.build
: Using internal output image builder by default (--image-build-engine
flag)Dockerfile.fat
to Dockerfile.reversed
Build them from source or download from a CDN location:
docker pull dslim/slim
prompt
mode for the target, namespace, pod and session flagsdebug
command terminal that runs as if you are connected directly to the target image you are debugging (enabled by default)debug
commanddebug
command sessionsdebug
command flags (see README)debug
commanddebug
command bug fixesBuild them from source or download from a CDN location:
docker pull dslim/slim
debug
commandappbom
command in the main app and --appbom
flag in the sensormerge
command to merge two container images (optimized to merge two minified images)debug
command flagsdebug
commandBuild them from source or download from a CDN location:
docker pull dslim/slim
build
command flag to prevent the vulnerability scanners from discovering the metadata they need to identify the vulnerabilities (--obfuscate-metadata
) inspired by the Malicious Compliance
KubeCon EU 2023 talkBuild them from source or download from a CDN location:
docker pull dslim/slim