cncf / sandbox

Applications for Sandbox go here! ⏳📦🧪
Apache License 2.0

[Sandbox] SlimToolkit #22

Closed kcq closed 1 year ago

kcq commented 1 year ago

Application contact emails

kyle.c.quest@gmail.com , oss@slim.ai

Project Summary

SlimToolkit (aka DockerSlim) provides a way to inspect, optimize/slim and debug containers

Project Description

SlimToolkit/Slim is best known for its ability to minify container images. It was created during a global Docker hackathon project (as DockerSlim). It uses static and dynamic container analysis to understand the containerized application and what it needs to run, so it can generate the smallest possible container images. The lesser known capabilities include the xray command used to inspect container images and the debug command used to debug minimal container images by attaching a debugging container to the target container.

Org repo URL

https://github.com/slimtoolkit

Project repo URL

https://github.com/slimtoolkit/slim

Additional repos

No response

Website URL

http://slimtoolkit.org

Roadmap

see below

Roadmap context

The current focus in general is on improving usability and documentation.

The main functional areas of focus for 2023:

Contributing Guide

https://github.com/slimtoolkit/slim/blob/master/CONTRIBUTING.md

Code of Conduct (CoC)

will adopt the CNCF CoC

Adopters

No response

Contributing or Sponsoring Org

https://slim.ai

Maintainers file

https://github.com/slimtoolkit/slim/graphs/contributors (top two contributors are the maintainers)

IP Policy

Trademark and accounts

Why CNCF?

CNCF is the best organization that represents the cloud-native ecosystem bringing together the cloud native tool creators and the cloud-native application developers and operators. Joining CNCF is about being a better and more integrated part of the cloud-native ecosystem making sure that the community benefits from Slim as much as possible (end users and other cloud native tools).

Benefit to the Landscape

Slim is about helping engineers building and running containerized applications. Containers are a fundamental part of the cloud-native ecosystem.

In addition to helping the engineers Slim also complements various container tools and infrastructure that are a part of the CNCF landscape. The "Security and Compliance" CNCF Landscape category will complement the capabilities provided by other tools in the category. Slim also represents the "Attack surface reduction" sub-category (which doesn't exist yet) in the "Security and Compliance" category. "Debugging" is another sub-category where Slim provides value. This non-existing sub-category fits in the "Observability and Analysis" landscape category.

Cloud Native 'Fit'

Slim fits in the "Security and Compliance" and "Observability and Analysis" landscape categories. It also represents two sub-categories ("Attack surface reduction" and "Debugging") that don't have a lot of tools yet and that's probably one of the reasons those sub-categories don't exist yet.

Cloud Native 'Integration'

Kyverno is an example of an integration where the seccomp data generated by Slim is used by the Kyverno policy engine.

Cloud Native Overlap

No response

Similar projects

There are various ad-hoc scripts or specialized tools that cover some parts of the functionality available in Slim. For example, the MiniCon tool, also referenced in the Software Supply Chain Best Practices CNCF report, is a set of simple scripts around strace and other tools. There are scripts and dedicated tools to debug minimal container images that handle very specific use cases expecting users to do a lot of additional work to make it work (e.g., helper scripts for the Koolkits debugging images by Lightrun). All of those are limited in terms of their focus and usability.

Product or Service to Project separation

The SlimToolkit is used as a standalone 3rd party tool in the Slim.AI SaaS product in the same way other 3rd party tools are used. It's always been completely separate.

Project presentations

No response

Project champions

No response

Additional information

SlimToolkit (as DockerSlim) is mentioned in the Slimming Container Images section of the Software Supply Chain Best Practices report produced by TAG-Security: https://github.com/cncf/tag-security/blob/4c52d2256516e1b6ae0b0ed86a1df069995f864f/supply-chain-security/supply-chain-security-paper/sscsp.md#slimming-container-images

There've been a number of KubeCon / cloud native con talks referencing or discussing Slim, its ability to reduce the attack surface for container images and its ability to generate seccomp security profiles (e.g., "Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure!" at KubeCon NA 2022).

Slim has been integrated with a number of cloud native tools like Tekton and Kyverno.

Slim is used in a number of training courses on security from the SANS Institute and other training organizations (e.g., "Kubernetes Security Masterclass").

Slim has been mentioned in a number of container and cloud-native related books about Kubernetes and Docker (e.g., "Docker in Practice").

dims commented 1 year ago

One of the things right at the start would be to distinguish between the project name in CNCF and any trademarks/names/product/services of the founding company. Looks like here we have "Slim" the project overlap with the SaaS platform/service. Please confirm if you are ok finding another suitable name for the project when it enters CNCF? (assuming that's the tradeoff that may be acceptable to you vs changing the name of the SaaS platform/service)

kcq commented 1 year ago

@dims "slim" is a generic term. For example, many container registry images have "slim" tags (e.g., debian:stable-slim or nginx:alpine-slim). Technically there's no overlap because the company name is not a subset of the project name (though there's a partial overlap, that's true). The full names for both are different. Also the project and its use of "slim" predates the company (by more than a few years) and the company doesn't hold a trademark on "slim", so there can be no trademark violation claims. "slim" is an important part of the project identity and what it does. Wonder if there's room for a bit of flexibility here?

dims commented 1 year ago

@kcq distinct identities between founding company and the project is where we have to draw the line, whether you hold the trademarks officially or not.

kcq commented 1 year ago

@dims sounds like we have different views/opinions when it comes to the definition of distinct identities. I still believe that the identities are distinct; however, it'll be more productive to focus on other more important things to continue the process. The names will be changed to remove "Slim" from it if the project is able to continue the sandbox process and there's nothing else blocking progress. Happy to discuss the details during the next meeting.

amye commented 1 year ago

/vote-sandbox

git-vote[bot] commented 1 year ago

Vote created

@amye has called for a vote on [Sandbox] SlimToolkit (#22).

The members of the following teams have binding votes:

Team
@cncf/cncf-toc

Non-binding votes are also appreciated as a sign of support!

How to vote

You can cast your vote by reacting to this comment. The following reactions are supported:

| In favor | Against | Abstain |
| :---: | :---: | :---: |
| 👍 | 👎 | 👀 |

Please note that voting for multiple options is not allowed and those votes won't be counted.

The vote will be open for 7 days. It will pass if at least 66% of the users with binding votes vote In favor 👍. Once it's closed, results will be published here as a new comment.

kcq commented 1 year ago

Happy to provide additional info or clarify any outstanding questions

amye commented 1 year ago

/check-vote

git-vote[bot] commented 1 year ago

Vote status

So far 36.36% of the users with binding vote are in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| :---: | :---: | :---: | :---: |
| 4 | 0 | 0 | 7 |

Binding votes (4)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |
| mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
| TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |

Non-binding votes (1)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| William-LP | In favor | 2023-05-10 13:04:50.0 +00:00:00 |

amye commented 1 year ago

/check-vote

git-vote[bot] commented 1 year ago

Vote status

So far 72.73% of the users with binding vote are in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| :---: | :---: | :---: | :---: |
| 8 | 0 | 0 | 3 |

Binding votes (8)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
| mattfarina | In favor | 2023-05-15 14:01:12.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
| cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |
| TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |
| dzolotusky | In favor | 2023-05-12 13:41:48.0 +00:00:00 |
| kgamanji | In favor | 2023-05-15 16:07:09.0 +00:00:00 |
| nikhita | In favor | 2023-05-12 4:14:15.0 +00:00:00 |

Non-binding votes (1)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| William-LP | In favor | 2023-05-10 13:04:50.0 +00:00:00 |

kcq commented 1 year ago

what are the next steps?

amye commented 1 year ago

Votes are extended for another day to be able to accurately tabulate! Vote will close automatically at that time.

git-vote[bot] commented 1 year ago

Vote closed

The vote passed! 🎉

81.82% of the users with binding vote were in favor (passing threshold: 66%).

Summary

| In favor | Against | Abstain | Not voted |
| :---: | :---: | :---: | :---: |
| 9 | 0 | 0 | 2 |

Binding votes (9)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| @dzolotusky | In favor | 2023-05-12 13:41:48.0 +00:00:00 |
| @nikhita | In favor | 2023-05-12 4:14:15.0 +00:00:00 |
| @kgamanji | In favor | 2023-05-15 16:07:09.0 +00:00:00 |
| @mattfarina | In favor | 2023-05-15 14:01:12.0 +00:00:00 |
| @RichiH | In favor | 2023-05-17 9:02:45.0 +00:00:00 |
| @mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
| @rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
| @TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |
| @cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |

Non-binding votes (1)

| User | Vote | Timestamp |
| ---- | :---: | :-------: |
| @William-LP | In favor | 2023-05-10 13:04:50.0 +00:00:00 |

kcq commented 1 year ago

onboarding: https://github.com/cncf/sandbox/issues/159