Docker Slim Versions Save

Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)

1.40.11

3 months ago

New Features

  • New build command flags (--include-dir-bins and --include-ssh-client).
  • Simple images command to list container images.

Improvements

  • OCI image format support in xray.
  • Improved xray command reports to include object type information.

Bug Fixes

  • Fixes and dependency updates to support the new Docker Engine version (25.x).

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

1.40.10

3 months ago

Bug Fixes

  • Sensor artifact (post-)processing bug fix for additional PT generated artifacts.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

1.40.9

3 months ago

Improvements

  • Added command parameter information to process events in mondel.
  • Enhanced mondel event capture to prevent event data loss on sensor shutdown.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

1.40.8

3 months ago

New Features

  • New vulnerability command and the epss subcommand to lookup EPSS scores for vulnerabilities.
  • Simple registry server command to have a local OCI registry (thank you Sarvesh Raj, @sarveshraj, for your contribution!).
  • Simple registry push command to push local images to a registry.
  • Simple images command to list container images.
  • RPM packaging for the apps (thank you Rohan Jamadagni, @Rohansjamadagni, for your contribution!)

Improvements

  • Enhanced registry pull command to pull images from authenticated registries.
  • quiet mode improvements (WIP) to hide the standard execution context output when it's enabled.
  • quiet mode for the images command.
  • Interactive prompt updates to include the images, registry and vulnerability commands and a couple of global flags.
  • Monitor Data Event Log (mondel) enhancement to improve the write path.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

1.40.7

4 months ago

New Features

  • Simple registry image-index-create command to create multi-architecture images.
  • Simple images command to list container images.

Improvements

  • Improved ptmon syscall handling.
  • Enhanced mondel events with timestamps and sequence numbers.
  • Extra docker socket validation checks.
  • Version info on exit/failure.
  • Temp container cleanup improvements.
  • ARM image build scripts for the containerized distribution.

Bug Fixes

  • Websocket http probe bug fix.
  • Various ptmon bug fixes.

Binaries

Build them from source or download from a CDN location:

1.40.6

6 months ago

New Features

  • Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
  • xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
  • build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
  • build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

  • target-app-running sensor lifecycle hook.
  • build/profile: --env-file to load env vars from a file.
  • build/profile: basic input validation to ignore malformed env var data for the --env flag.
  • build: Using internal output image builder by default (--image-build-engine flag)
  • Renamed the reverse engineered Dockerfile from Dockerfile.fat to Dockerfile.reversed (the reversed Dockerfile is also saved with the old name for backward compatibility

Bug Fixes

  • Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

1.40.5

6 months ago

New Features

  • Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
  • xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
  • build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
  • build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

  • target-app-running sensor lifecycle hook.
  • build/profile: --env-file to load env vars from a file.
  • build/profile: basic input validation to ignore malformed env var data for the --env flag.
  • build: Using internal output image builder by default (--image-build-engine flag)
  • Renamed the reverse engineered Dockerfile from Dockerfile.fat to Dockerfile.reversed

Bug Fixes

  • Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

1.40.4

8 months ago

Improvements

  • Auto-complete in the interactive prompt mode for the target, namespace, pod and session flags
  • Interactive debug command terminal that runs as if you are connected directly to the target image you are debugging (enabled by default)
  • Basic sessions for debug command
  • Ability to show logs for the existing debug command sessions
  • More debug command flags (see README)
  • README docs updates for the debug command

Bug Fixes

  • Many debug command bug fixes

Binaries

Build them from source or download from a CDN location:

1.40.3

9 months ago

New Features

  • Kubernetes runtime support for the debug command
  • appbom command in the main app and --appbom flag in the sensor
  • merge command to merge two container images (optimized to merge two minified images)

Improvements

  • More debug command flags
  • README docs for the debug command
  • Ability to detect the Docker Desktop unix socket
  • Code and logging cleanup

Bug Fixes

  • Sensor volume fix for sensor symlinks (to address the Homebrew installed problems with sensor)
  • Various dependency updates to get security fixes

Binaries

Build them from source or download from a CDN location:

1.40.2

10 months ago

Improvements

  • New experimental build command flag to prevent the vulnerability scanners from discovering the metadata they need to identify the vulnerabilities (--obfuscate-metadata) inspired by the Malicious Compliance KubeCon EU 2023 talk

Bug Fixes

  • HEALTHCHECK instruction decoding enhancements to handle the data generated by buildah
  • fsutil format string bug fix

Binaries

Build them from source or download from a CDN location: