Description
Application contact emails
kyle.c.quest@gmail.com, oss@slim.ai
Project Summary
SlimToolkit (aka DockerSlim) provides a way to inspect, optimize/slim and debug containers
Project Description
SlimToolkit/Slim is best known for its ability to minify container images. It was created during a global Docker hackathon project (as DockerSlim). It uses static and dynamic container analysis to understand the containerized application and what it needs to run, so it can generate the smallest possible container images. The lesser known capabilities include the xray command used to inspect container images and the debug command used to debug minimal container images by attaching a debugging container to the target container.
Org repo URL
https://github.com/slimtoolkit
Project repo URL
https://github.com/slimtoolkit/slim
Additional repos
No response
Website URL
Roadmap
see below
Roadmap context
The current focus in general is on improving usability and documentation.
The main functional areas of focus for 2023:
- Ability to debug slim/minimal container images in Kubernetes
- Supply chain and policy engine cloud native tool integrations (e.g., cosign/sigstore)
- Additional container runtime integrations (e.g., podman)
Contributing Guide
https://github.com/slimtoolkit/slim/blob/master/CONTRIBUTING.md
Code of Conduct (CoC)
will adopt the CNCF CoC
Adopters
No response
Contributing or Sponsoring Org
Maintainers file
https://github.com/slimtoolkit/slim/graphs/contributors (top two contributors are the maintainers)
IP Policy
- If the project is accepted, I agree the project will follow the CNCF IP Policy
Trademark and accounts
- If the project is accepted, I agree to donate all project trademarks and accounts to the CNCF
Why CNCF?
CNCF is the best organization that represents the cloud-native ecosystem bringing together the cloud native tool creators and the cloud-native application developers and operators. Joining CNCF is about being a better and more integrated part of the cloud-native ecosystem making sure that the community benefits from Slim as much as possible (end users and other cloud native tools).
Benefit to the Landscape
Slim is about helping engineers building and running containerized applications. Containers are the fundamental part of the cloud-native ecosystem.
In addition to helping the engineers, Slim also complements various container tools and infrastructure that are a part of the CNCF landscape. The "Security and Compliance" CNCF Landscape category will complement the capabilities provided by other tools in the category. Slim also represents the "Attack surface reduction" sub-category (which doesn't exist yet) in the "Security and Compliance" category. "Debugging" is another sub-category where Slim provides value. This non-existing sub-category fits in the "Observability and Analysis" landscape category.
Cloud Native 'Fit'
Slim fits in the "Security and Compliance" and "Observability and Analysis" landscape categories. It also represents two sub-categories ("Attack surface reduction" and "Debugging") that don't have a lot of tools yet and that's probably one of the reasons those sub-categories don't exist yet.
Cloud Native 'Integration'
Kyverno is an example of an integration where the seccomp data generated by Slim is used by the Kyverno policy engine.
Cloud Native Overlap
No response
Similar projects
There are various ad-hoc scripts or specialized tools that cover some parts of the functionality available in Slim. For example, the MiniCon tool, also referenced in the Software Supply Chain Best Practices CNCF report, is a set of simple scripts around strace and other tools. There are scripts and dedicated tools to debug minimal container images that handle very specific use cases expecting users to do a lot of additional work to make it work (e.g., helper scripts for the Koolkits debugging images by Lightrun). All of those are limited in terms of their focus and usability.
Product or Service to Project separation
The SlimToolkit is used as a standalone 3rd party tool in the Slim.AI SaaS product in the same way other 3rd party tools are used. It's always been completely separate.
Project presentations
No response
Project champions
No response
Additional information
SlimToolkit (as DockerSlim) is mentioned in the Slimming Container Images section of the Software Supply Chain Best Practices report produced by TAG-Security: https://github.com/cncf/tag-security/blob/4c52d2256516e1b6ae0b0ed86a1df069995f864f/supply-chain-security/supply-chain-security-paper/sscsp.md#slimming-container-images
There've been a number of KubeCon / cloud native con talks referencing or discussing Slim, its ability to reduce the attack surface for container images and its ability to generate seccomp security profiles (e.g., "Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure!" at KubeCon NA 2022).
Slim has been integrated with a number of cloud native tools like Tekton and Kyverno.
Slim is used in a number of training courses on security from the SANS Institute and other training organizations (e.g., "Kubernetes Security Masterclass").
Slim has been mentioned in a number of container and cloud-native related books about Kubernetes and Docker (e.g., "Docker in Practice").
Activity
dims commented on Jan 6, 2023
One of the things right at the start would be to distinguish between the project name in CNCF and any trademarks/names/product/services of the founding company. Looks like here we have "Slim" the project overlap with the SaaS platform/service. Please confirm if you are ok finding another suitable name for the project when it enters CNCF? (assuming that's the tradeoff that may be acceptable to you vs changing the name of the SaaS platform/service)
kcq commented on Jan 7, 2023
@dims "slim" is a generic term. For example, many container registry images have "slim" tags (e.g., debian:stable-slim or nginx:alpine-slim). Technically there's no overlap because the company name is not a subset of the project name (though there's a partial overlap, that's true). The full names for both are different. Also the project and its use of "slim" predates the company (by more than a few years) and the company doesn't hold a trademark on "slim", so there can be no trademark violation claims. "slim" is an important part of the project identity and what it does. Wonder if there's room for a bit of flexibility here?
dims commented on Jan 7, 2023
@kcq distinct identities between founding company and the project is where we have to draw the line, whether you hold the trademarks officially or not.
kcq commented on Feb 25, 2023
@dims sounds like we have different views/opinions when it comes to the definition of distinct identities. I still believe that the identities are distinct; however, it'll be more productive to focus on other more important things to continue the process. The names will be changed to remove "Slim" from it if the project is able to continue the sandbox process and there's nothing else blocking progress. Happy to discuss the details during the next meeting.
amye commented on May 9, 2023
/vote-sandbox
git-vote commented on May 9, 2023
Vote created
@amye has called for a vote on [Sandbox] SlimToolkit (#22).
The members of the following teams have binding votes:
Non-binding votes are also appreciated as a sign of support!
How to vote
You can cast your vote by reacting to this comment. The following reactions are supported:
Please note that voting for multiple options is not allowed and those votes won't be counted.
The vote will be open for 7days. It will pass if at least 66% of the users with binding votes vote In favor 👍. Once it's closed, results will be published here as a new comment.
kcq commented on May 10, 2023
Happy to provide additional info or clarify any outstanding questions
amye commented on May 11, 2023
/check-vote
amye commented on May 16, 2023
/check-vote
git-vote commented on May 16, 2023
Vote status
So far 72.73% of the users with binding vote are in favor (passing threshold: 66%).
Summary
Binding votes (8)
Non-binding votes (1)
kcq commented on May 16, 2023
what are the next steps?
amye commented on May 16, 2023
Votes are extended for another day to be able to accurately tabulate! Vote will close automatically at that time.
git-vote commented on May 17, 2023
Vote closed
The vote passed! 🎉
81.82% of the users with binding vote were in favor (passing threshold: 66%).
Summary
Binding votes (9)
Non-binding votes (1)
kcq commented on May 27, 2023
onboarding: #159