This article discusses why container image vulnerability scanners, like Trivy, often produce false positives and negatives. It outlines the resulting issues and provides specific examples of these inaccuracies. Additionally, an analysis of eight popular Docker Hub images reveals that Trivy’s open-source version rarely detects the tested CVEs in the image’s primary component compared to Grype.| AugmentedMind.de
Explains how image scanners like Trivy can reduce container image security because of false positives and negatives. Analyzes 8 popular Docker Hub images.
Learn the details of BuildKit caching and how to tune it to get the maximum speed for your image builds in CI pipelines, incl. garbage collection tweaks.
This article takes a deep dive into the definition of CI/CD and related terms, explaining the background of CI/CD as well as its advantages and disadvantages.
Month: June 2024
This article explains the best Docker registry tools for browsing registries/images and manipulating/copying images. It comes with elaborate feature comparison tables. I also explain use cases that illustrate why and when you should use these tools. The analyzed tools include Skopeo, Regctl, ORAS CLI, crane, and many others. Finally, I provide a list of temporary ...
An in-depth look at the SBOM and build provenance attestations that Docker/BuildKit creates for Docker images, and the major problem that they cannot be verified.
This article takes a detailed look at GitHub's attestation feature, one of several options for creating and verifying attestations for Docker images and files.
Learn how Cosign creates Docker image signatures (and attestations, such as SBOMs) and how to verify them automatically, e.g. in Kubernetes.
This article takes a detailed look at image signatures created by Notation, which is one of several tools to sign and verify Docker images. Introduction: Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify ...
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts and providing tool recommendations.
Learn about the caveats of full stack web frameworks like Reflex, which allow backend developers to build web apps, including the frontend, using backend languages.
Explains unexpected Docker Hub rate limits (NOT image pull limits) for developers who directly call the Docker Hub APIs; these limits apply even to HEAD requests.
Determine how frequently the maintainers of a Docker image rebuild image version tags, using the Docker Tag Monitor tool.
This Go vs Python benchmark compares Django, FastAPI and Pocketbase, finding that Go/Pocketbase is only about twice as fast as Python/FastAPI.
Learn how to improve your Docker image security with 12 useful tips. Understand the underlying attack vectors and the mitigation approaches.
Learn to optimize the Docker image size, e.g. via small base images, multi-stage builds, consolidation of RUN statements, or using docker-slim.
Improve the build speed of Docker images in CI pipelines, using BuildKit caching tricks, the .dockerignore file and package manager tweaks.
Learn how to improve the speed of building Docker images locally, including iterating on an unfinished Dockerfile or rebuilding on code changes.