|14 days ago||14 days ago|
|MIT License||GNU General Public License v3.0 only|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Script to run ihaskell in Docker
2 projects | reddit.com/r/haskell | 16 Aug 2021
More info: https://github.com/gibiansky/IHaskell/issues/1251
How to use Matplotlib for Haskell in IHaskell
4 projects | reddit.com/r/haskell | 15 Aug 2021
I'm stymied trying to import a package. It's Graphics.Matplotlib. (See here.) I'm wanting it for my IHaskell, but when I add it to the IHaskell stack.yaml4 projects | reddit.com/r/haskell | 15 Aug 2021
That looks like a generic front-end error for when the back-end is unavailable, the back-end error should be more informative, but I don't know where exactly you can find it. At this point it might make sense to open an issue on the issue tracker of IHaskell, they will be able to give you more useful answers.
Newbie: IHaskell + Rasterific?
2 projects | reddit.com/r/haskell | 3 Jun 2021
curl -sSL https://get.haskellstack.org/ | sh git clone https://github.com/gibiansky/IHaskell cd IHaskell pip3 install -r requirements.txt stack install --fast ihaskell install --stack jupyter labextension install jupyterlab-ihaskell # did not work stack exec jupyter -- notebook2 projects | reddit.com/r/haskell | 3 Jun 2021
I haven't actually used IHaskell, however, the png file is presumably created in whatever the working directory is when the script is running. The IHaskell wiki says:
can you recommend active Haskell open source projects?
16 projects | reddit.com/r/haskell | 30 Mar 2022
Just Say No To `:Latest`
3 projects | news.ycombinator.com | 6 Mar 2022
Worth noting that Hadolint raises warnings the issues mentioned in the article. Some examples of warnings:
- https://github.com/hadolint/hadolint/wiki/DL3007: Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.
Kubernetes Security Checklist 2021
28 projects | dev.to | 18 Oct 2021
Dockerfile should be checked during development by automated scanners (Kics, Hadolint, Conftest)
3 projects | reddit.com/r/u_sybrenbolandit | 31 Aug 2021
Linters are an effective way to catch (security) bugs early on in your development process. For most programming languages using linters is pretty standard. Hadolint is a linter for your Dockerfiles and is found on github here.
Best Practices for R with Docker
8 projects | dev.to | 31 May 2021
Best practices for writing Dockerfiles are being followed more and more often according to this paper after mining more than 10 million Dockerfiles on Docker Hub and GitHub. However, there is still room for improvement. This is where linters come in as useful tools for static code analysis. Hadolint lists lots of rules for Dockerfiles and is available as a VS Code extension.
21 Best Practises in 2021 for Dockerfile
2 projects | dev.to | 29 May 2021
Dockerizing Shiny Applications
3 projects | dev.to | 10 May 2021
Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non privileged user after running the commands you need as root. – Hadolint rule DL3002
What do you use for container security, and where do you think there is room for improvement?
1 project | reddit.com/r/devops | 2 Apr 2021
Hadolint for more SAST like : https://github.com/hadolint/hadolint
ShellCheck: A static analysis tool for shell scripts
12 projects | news.ycombinator.com | 18 Mar 2021
Hadolint is another. It's built atop shellcheck.
Docker Security Cheat Sheet
3 projects | news.ycombinator.com | 13 Mar 2021
I use Hadolint as a CI job to check if my Dockerfiles follow the good "rules". But there is one rule that annoys me the most and which is also present in this article, is the pinned OS package version rule. While I understand its interest, I struggle to handle this problem.
When I build new images and it failed because the pinned version is not available anymore, I have to dig into Debian or Ubuntu packages websites to find the new ones as they don't keep the old packages online.
I know I could ask Hadolint to ignore this rule but I don't like this and I think it's important to stick to a certain version of a package to avoid problems. I'm just trying to find any tip that could make me use pinned version and avoid this search every time. Does apt-get install allows wildcard for example?
What are some alternatives?
trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues and hard-coded secrets
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
docker-bench-security - The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
grype - A vulnerability scanner for container images and filesystems
hoogle - Haskell API search engine
podman - Podman: A tool for managing OCI containers and pods.
ormolu - A formatter for Haskell source code
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems
ghcid - Very low feature GHCi based IDE
leksah - Haskell IDE
stan - 🕵️ Haskell STatic ANalyser