Container image security part 2: Minimal images
Overview of free and open-source minimal images for bare Linuxes (C++, Go, Rust), PHP, Python, Java, C#, and Node.js, and why you need them.| AugmentedMind.de
Having multiple calendars that are not synchronized often causes scheduling issues. To solve this problem, I built a completely new Next-Gen Microsoft Power Automate flow that synchronizes Outlook with Outlook, Outlook with Google, or Google with Google calendars. The flow is free and open-source, but requires a Power Automate Premium plan. Here I explain how … Read more| AugmentedMind.de
This article provides an overview of free and open-source minimal container images for bare Linuxes (into which you would copy native binaries compiled with C/C++, Go, or Rust), PHP, Python, Java, C#, and Node.js, from the image vendors Google distroless, Chainguard, Ubuntu, and Azure Linux. It explains why minimal images matter, how they are defined, and their general pros and cons.| AugmentedMind.de
Overview of free and open-source minimal images for bare Linuxes (C++, Go, Rust), PHP, Python, Java, C#, and Node.js, and why you need them.| AugmentedMind.de
Explains how image scanners like Trivy reduce container image security due to false positives and negatives. Analyzes 8 popular Docker Hub images.| AugmentedMind.de
This article explains the best Docker registry tools for browsing registries/images and manipulating/copying images. It comes with elaborate feature comparison tables. I also explain use cases that illustrate why and when you should use these tools. The analyzed tools include Skopeo, Regctl, ORAS CLI, crane, and many others. Finally, I provide a list of temporary ... Read more| AugmentedMind.de
An in-depth look at SBOM and build provenance Docker image attestation created by Docker/BuildKit, and the major problem of lacking verifiability.| AugmentedMind.de
This article takes a detailed look at GitHub's attestation feature, one of several options for creating and verifying attestations for Docker images and files.| AugmentedMind.de
Learn how Cosign creates Docker image signing (and attestations, such as SBOMs) and how to automatically verify them, e.g. in Kubernetes.| AugmentedMind.de
This article takes a detailed look at image signatures created by Notation, which is one of several tools to create and verify Docker images. Introduction Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify ... Read more| AugmentedMind.de
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts & providing tool recommendations.| AugmentedMind.de
Learn about caveats of full stack web frameworks like Reflex, which allow backend developers to build web apps, including the frontend, using backend languages.| AugmentedMind.de
Explains unexpected Docker Hub rate limits (NOT image pull limits) to developers who directly call the Docker Hub APIs, which applies even to HEAD requests.| AugmentedMind.de
Determine how frequently the maintainers of a Docker image rebuild image version tags, using the Docker Tag Monitor tool.| AugmentedMind.de
Learn how to optimize your Docker image security with 12 useful tips. Understand the underlying attack vector, and the mitigation approaches.| AugmentedMind.de
Learn to optimize the Docker image size, e.g. via small base images, multi-stage builds, consolidation of RUN statements, or using docker-slim.| AugmentedMind.de
Improve the build speed of Docker images in CI pipelines, using BuildKit caching tricks, the .dockerignore file and package managers tweaks.| AugmentedMind.de
Learn how to improve the speed of building Docker images locally, including the iteration of your unfinished Dockerfile, or rebuilding on code changes.| AugmentedMind.de
