
Slim.AI helps developers optimize and secure their containers


Slim.AI, a startup that specializes in software supply chain security helping enterprises optimize and secure their software containers, today announced the launch of its automated container hardening feature at CNCF’s KubeCon/CloudNativeCon Europe. With this, Slim can now automatically scan an enterprise’s containers for vulnerabilities and remove unnecessary files, libraries, and other attack surfaces.

Integrated into existing CI/CD pipelines, Slim’s new automated container hardening service runs containers, which have been pre-instrumented by a developer, through the company’s existing test suite, scans them, and automatically removes unnecessary files, resulting in significantly smaller and more secure containers. With fewer files in one container, this also means developers can focus on the vulnerability alerts that really matter, because they relate to the libraries that are actually being used.


Slim.AI was born from an open source project, the Slim Toolkit (previously called DockerSlim). This project is now seven years old and has seen over a million downloads. And while it does some rudimentary analysis of container hardening and security, the team formed a company to take their learnings from the Slim Toolkit and extend them.

As Slim.AI co-founder and CEO John Amaral told me, when the company launched in 2020, its focus was more on giving users what Amaral called a “containerized MRI machine” that would tell them exactly what was in their containers and where there were potential security issues.


“One piece of feedback we got from the users of our open source technology was that they in fact needed to understand what’s inside these containers as a complement to any kind of automated remediation,” Amaral said. “The developers still need to be able to support these modified containers and they don’t have a clear picture of what’s there, so how will they be able to interact with the remaining components? We spent a lot of time building better tooling for them.”

As with any automated process, things don’t always work as planned, and sometimes the system can generate a container that is missing a required file. For those cases, Slim.AI gives developers and security teams not only a wealth of data about what it does with each container, but also the manual controls to retest or exclude certain files.

“As engineering teams are increasingly tasked with the responsibilities of building and releasing secure software, while many organizations are also looking for developer speed to drive business results, the right tools become even more essential,” said Kelly Fitzpatrick, a senior industry analyst at RedMonk. “By integrating container vulnerability mitigation into the CI/CD processes that teams already use, Slim.AI Automatic Container Hardening is designed to address this need.”

The new service is available for free to users of Slim.AI’s development platform, though teams planning to use the service on a large scale will likely want to contact the company about its design partner program.


