Containers can be safer with Open Source

Container adoption is soaring, thanks to Open Source. The majority of projects and tools for container management in the cloud-native ecosystem are Open Source; one example is SlimToolkit, a tool supported by Slim.AI. SlimToolkit addresses one of the most critical issues in the cloud-native ecosystem today: container security.

Today, developers are increasingly building their cloud-native, microservice-based applications within numerous containers, each of which can accumulate vulnerabilities over the course of development and therefore pose a security risk upon deployment. To bring awareness to this issue, Slim.AI has published research for the last two years on what’s inside the most commonly used public containers. According to the 2022 Container Report, the number of vulnerabilities in public containers is increasing: 60% of the top public containers have more vulnerabilities than they did a year ago. In fact, today’s average public container has 287 vulnerabilities, 30% of which belong to a high/critical category, up from 20% last year.

Many companies and governments are demanding a world with zero vulnerabilities, but Slim.AI’s research reveals just how out of reach that goal is given current awareness, tools and techniques. As described in the 2022 Container Report, “Among executives, 49% in our survey think containers are slimmed and hardened, but those who do the actual work, the front-line engineers and managers, report significantly lower numbers. Our survey found that 88% of developers admit it is challenging to remove vulnerabilities. Moreover, less than 26% say they understand how to slim and harden containers.”

Until now, creating production-ready containers—containers that are optimized for both performance and security—has required expertise, time and manual work that many developers are unwilling or unable to commit. SlimToolkit is one of several new Open Source resources that can help take this heavy burden off the shoulders of developers. It provides automation tools for developers to build, manage, and ship production-ready containers effectively and efficiently—as they’re being built. SlimToolkit empowers developers to build and test their cloud-native applications securely, shipping only what is needed to production.

SlimToolkit is an Open Source Success Story

SlimToolkit (previously known as DockerSlim and licensed under the Apache 2.0 license) is a story of an Open Source project with steady and organic growth. It began as a winning project in the 2015 Docker Global Hack Day in Seattle and has built a grassroots community that has expanded through word-of-mouth referrals. Users became contributors, expanding features and functions as they adapted it to meet their needs, in true Open Source fashion. Now with over 16k stars on GitHub and 500k+ downloads, SlimToolkit is a free way to ensure the safest possible software is shipped to production.

One of the goals for SlimToolkit in 2023 is to move the project closer to the CNCF ecosystem, first by submitting it as a Sandbox project and then by pursuing Incubation status.

“Containers are a fundamental component of the modern cloud-native stack and SlimToolkit empowers developers at all levels to build production-ready cloud-native applications faster and with less effort,” said Slim.AI co-founder and DockerSlim creator Kyle Quest. The Open Source community transformed code that was written in 2015 into a tool that can play an integral role in securing the software supply chain. As a company, Slim.AI is more committed than ever to contributing to and engaging the Open Source community in making the changes and improvements to SlimToolkit to benefit all.

Slim.AI invites anyone to peruse the How-to and README files, and to check out and contribute to the SlimToolkit community.


Source: opensource.org