Closed kcq closed 1 year ago
One of the things right at the start would be to distinguish between the project name in CNCF and any trademarks/names/product/services of the founding company. Looks like here we have "Slim" the project overlap with the SaaS platform/service. Please confirm if you are ok finding another suitable name for the project when it enters CNCF? (assuming that's the tradeoff that may be acceptable to you vs changing the name of the SaaS platform/service)
@dims "slim" is a generic term. For example, many container registry images have "slim" tags (e.g., `debian:stable-slim` or `nginx:alpine-slim`). Technically there's no overlap because the company name is not a subset of the project name (though there's a partial overlap, that's true). The full names for both are different. Also the project and its use of "slim" predates the company (by more than a few years) and the company doesn't hold a trademark on "slim", so there can be no trademark violation claims. "slim" is an important part of the project identity and what it does. Wonder if there's room for a bit of flexibility here?
@kcq distinct identities between founding company and the project is where we have to draw the line, whether you hold the trademarks officially or not.
@dims sounds like we have different views/opinions when it comes to the definition of distinct identities. I still believe that the identities are distinct; however, it'll be more productive to focus on other more important things to continue the process. The names will be changed to remove "Slim" from it if the project is able to continue the sandbox process and there's nothing else blocking progress. Happy to discuss the details during the next meeting.
/vote-sandbox
@amye has called for a vote on [Sandbox] SlimToolkit (#22).
The members of the following teams have binding votes:
Team |
---|
@cncf/cncf-toc |
Non-binding votes are also appreciated as a sign of support!
You can cast your vote by reacting to this comment. The following reactions are supported:
In favor | Against | Abstain |
---|---|---|
👍 | 👎 | 👀 |
Please note that voting for multiple options is not allowed and those votes won't be counted.
The vote will be open for `7days`. It will pass if at least `66%` of the users with binding votes vote `In favor 👍`. Once it's closed, results will be published here as a new comment.
Happy to provide additional info or clarify any outstanding questions
/check-vote
So far `36.36%` of the users with binding vote are in favor (passing threshold: `66%`).
In favor | Against | Abstain | Not voted |
---|---|---|---|
4 | 0 | 0 | 7 |
User | Vote | Timestamp |
---|---|---|
cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |
mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |
/check-vote
So far `72.73%` of the users with binding vote are in favor (passing threshold: `66%`).
In favor | Against | Abstain | Not voted |
---|---|---|---|
8 | 0 | 0 | 3 |
User | Vote | Timestamp |
---|---|---|
mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
mattfarina | In favor | 2023-05-15 14:01:12.0 +00:00:00 |
rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |
TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |
dzolotusky | In favor | 2023-05-12 13:41:48.0 +00:00:00 |
kgamanji | In favor | 2023-05-15 16:07:09.0 +00:00:00 |
nikhita | In favor | 2023-05-12 4:14:15.0 +00:00:00 |
what are the next steps?
Votes are extended for another day to be able to accurately tabulate! Vote will close automatically at that time.
The vote passed! 🎉
`81.82%` of the users with binding vote were in favor (passing threshold: `66%`).
In favor | Against | Abstain | Not voted |
---|---|---|---|
9 | 0 | 0 | 2 |
User | Vote | Timestamp |
---|---|---|
@dzolotusky | In favor | 2023-05-12 13:41:48.0 +00:00:00 |
@nikhita | In favor | 2023-05-12 4:14:15.0 +00:00:00 |
@kgamanji | In favor | 2023-05-15 16:07:09.0 +00:00:00 |
@mattfarina | In favor | 2023-05-15 14:01:12.0 +00:00:00 |
@RichiH | In favor | 2023-05-17 9:02:45.0 +00:00:00 |
@mauilion | In favor | 2023-05-11 23:20:28.0 +00:00:00 |
@rochaporto | In favor | 2023-05-09 16:20:58.0 +00:00:00 |
@TheFoxAtWork | In favor | 2023-05-09 20:10:37.0 +00:00:00 |
@cathyhongzhang | In favor | 2023-05-09 22:33:52.0 +00:00:00 |
onboarding: https://github.com/cncf/sandbox/issues/159
Application contact emails
kyle.c.quest@gmail.com , oss@slim.ai
Project Summary
SlimToolkit (aka DockerSlim) provides a way to inspect, optimize/slim and debug containers
Project Description
SlimToolkit/Slim is best known for its ability to minify container images. It was created during a global Docker hackathon project (as DockerSlim). It uses static and dynamic container analysis to understand the containerized application and what it needs to run, so it can generate the smallest possible container images. The lesser known capabilities include the `xray` command used to inspect container images and the `debug` command used to debug minimal container images by attaching a debugging container to the target container.
Org repo URL
https://github.com/slimtoolkit
Project repo URL
https://github.com/slimtoolkit/slim
Additional repos
No response
Website URL
http://slimtoolkit.org
Roadmap
see below
Roadmap context
The current focus in general is on improving usability and documentation.
The main functional areas of focus for 2023:
Contributing Guide
https://github.com/slimtoolkit/slim/blob/master/CONTRIBUTING.md
Code of Conduct (CoC)
will adopt the CNCF CoC
Adopters
No response
Contributing or Sponsoring Org
https://slim.ai
Maintainers file
https://github.com/slimtoolkit/slim/graphs/contributors (top two contributors are the maintainers)
IP Policy
Trademark and accounts
Why CNCF?
CNCF is the best organization that represents the cloud-native ecosystem bringing together the cloud native tool creators and the cloud-native application developers and operators. Joining CNCF is about being a better and more integrated part of the cloud-native ecosystem making sure that the community benefits from Slim as much as possible (end users and other cloud native tools).
Benefit to the Landscape
Slim is about helping engineers building and running containerized applications. Containers are the fundamental part of the cloud-native ecosystem.
In addition to helping the engineers Slim also complements various container tools and infrastructure that are a part of the CNCF landscape. The "Security and Compliance" CNCF Landscape category will complement the capabilities provided by other tools in the category. Slim also represents the "Attack surface reduction" sub-category (which doesn't exist yet) in the "Security and Compliance" category. "Debugging" is another sub-category where Slim provides value. This non-existing sub-category fits in the "Observability and Analysis" landscape category.
Cloud Native 'Fit'
Slim fits in the "Security and Compliance" and "Observability and Analysis" landscape categories. It also represents two sub-categories ("Attack surface reduction" and "Debugging") that don't have a lot of tools yet and that's probably one of the reasons those sub-categories don't exist yet.
Cloud Native 'Integration'
Kyverno is an example of an integration where the seccomp data generated by Slim is used by the Kyverno policy engine.
Cloud Native Overlap
No response
Similar projects
There are various ad-hoc scripts or specialized tools that cover some parts of the functionality available in Slim. For example, the MiniCon tool, also referenced in the Software Supply Chain Best Practices CNCF report, is a set of simple scripts around strace and other tools. There are scripts and dedicated tools to debug minimal container images that handle very specific use cases expecting users to do a lot of additional work to make it work (e.g., helper scripts for the Koolkits debugging images by Lightrun). All of those are limited in terms of their focus and usability.
Product or Service to Project separation
The SlimToolkit is used as a standalone 3rd party tool in the Slim.AI SaaS product in the same way other 3rd party tools are used. It's always been completely separate.
Project presentations
No response
Project champions
No response
Additional information
SlimToolkit (as DockerSlim) is mentioned in the Slimming Container Images section of the Software Supply Chain Best Practices report produced by TAG-Security: https://github.com/cncf/tag-security/blob/4c52d2256516e1b6ae0b0ed86a1df069995f864f/supply-chain-security/supply-chain-security-paper/sscsp.md#slimming-container-images
There've been a number of KubeCon / cloud native con talks referencing or discussing Slim, its ability to reduce the attack surface for container images and its ability to generate seccomp security profiles (e.g., "Say Hi to the New Couple in the Town - DockerSlim and Kyverno - Making Your Kubernetes Workloads More Secure!" at KubeCon NA 2022).
Slim has been integrated with a number of cloud native tools like Tekton and Kyverno.
Slim is used in a number of training courses on security from the SANS Institute and other training organizations (e.g., "Kubernetes Security Masterclass").
Slim has been mentioned in a number of container and cloud-native related books about Kubernetes and Docker (e.g., "Docker in Practice").