containers
grype
containers | grype | |
---|---|---|
9 | 56 | |
191 | 7,678 | |
3.1% | 2.3% | |
8.7 | 9.5 | |
4 days ago | about 22 hours ago | |
Dockerfile | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
containers
-
Need a VM for Java 11 and a specific Program - which distro to choose?
eclipse-temurin:11 https://hub.docker.com/_/eclipse-temurin
-
CentOS 7 vs CentOS Stream vs Rocky vs Alma vs Debian vs Ubuntu for server
Then you build the container. That will download that container that already has linux with java on it, like this one: https://hub.docker.com/_/eclipse-temurin
- Primeiros passos no desenvolvimento Java em 2023: um guia particular
-
From Java to Golang and back
You can shrink the docker image greatly by starting with an Alpine based one like this https://hub.docker.com/_/eclipse-temurin
-
MinIO passes 1B cumulative Docker Pulls
> Just imagine the vast number of poorly cached CI jobs pulling gigabytes from Docker hub on every commit, coupled with naive aproaches to CI/CD when doing microservices, prod/dev/test deployments, etc.
I hit the rate limits that others talk of in the comments, which motivated me to use Nexus for both proxying and storing my own container images.
So far, it's been pretty good, I actually wrote about the process on my blog, "Moving from GitLab Registry to Sonatype Nexus": https://blog.kronis.dev/tutorials/moving-from-gitlab-registr...
Another thing that I tried, however, was to only rely upon Docker Hub for the base images that I want (Ubuntu in my case) and then build everything I need on top of that, doing things like installing Java/Node/Python/Ruby/... manually, adding utilities I want across all of the images etc.
Once again, I wrote about it on my blog, "Using Ubuntu as the base for all of my containers": https://blog.kronis.dev/articles/using-ubuntu-as-the-base-fo...
That approach is absolutely more work, but also is something that's underexplored and works really nicely for me. Now I mostly rely on the OS package manager repositories (or mirrors of those), put less load on Docker Hub, don't risk running into its rate limits and also have common base layers across most of the images that I build, which in practice means less data actually needing to be downloaded to any of the servers where I want to utilize my images.
Of course, the downside is that getting something like PHP running was an absolute pain (tried with Apache, didn't work for some reason, then moved over to Nginx), and I technically miss out on some of the more complex space optimizations because if you look at the Dockerfiles for some of the more popular images, like OpenJDK, you'll occasionally see some interesting approaches, like getting the software package as a bunch of files and "installing" them directly, as opposed to using something like apt/yum: https://github.com/adoptium/containers/blob/08dd7d416cee0fe0...
Then again, personally I'd much prefer to rely on packages that I can get from something like apt directly, even if some of those versions can be a bit older (or add the project's official apt repositories as needed).
-
Question?
The FROM looks incorrect. When i watch the Youtube video it mentions adoptopenjdk which is deprecated (https://hub.docker.com/\_/adoptopenjdk). You now should use https://hub.docker.com/_/eclipse-temurin/.
- Uberjar hosting services?
-
Java eclipse temurin:18.0.1_10-jre-alpine is out ! Now what ?
Eclipse Temurin is maintaining a rich collection of Java images.
-
Anyone using the Alpine Musl JDK builds in production?
Intially only the 17 was the musl-native variant, later added 11 and very recently (6 days ago) for 8 as well: https://github.com/adoptium/containers/issues/72
grype
-
Introduction to the Kubernetes ecosystem
Trivy Operator : A simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, Debian, CentOS, etc.) and application dependencies (pip, npm, yarn, composer, etc.) (Alternatives : Grype, Snyk, Clair, Anchore, Twistlock)
- Suas imagens de container não estão seguras!
-
I looked through attacks in my access logs. Here's what I found
Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.
https://github.com/quay/clair
https://github.com/anchore/grype/
-
Distroless images using melange and apko
Using Grype:
-
Scanning and remediating vulnerabilities with Grype
In the lab to follow, we'll see how vulnerability scanning can be conveniently achieved with Grype and how various systematic techniques can be applied to start securing our microservices at the container image level.
-
Understanding Container Security
Scanning your container images for vulnerabilities is a good approach. But this scanning is not one time job, it should be done regularly (weekly, monthly, etc.) You need to follow vulnerability reports and fix all of the vulnerabilities as soon as possible. I recommend some open-source tools that could be useful: Trivy, Docker-Bench, Grype.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Grype is another popular open source tool from Anchore. Working with SBOM files, Grype scans container images and filesystems for vulnerabilities. Grype supports different output formats for vulnerabilities and custom templates for output.
-
Best vulnerability scanner for DevOps
Grype (https://github.com/anchore/grype)
-
Security docker app
Grype will allow you to scan a container to see if you have any vulnerable packages.
-
Open source container scanning tool to find vulnerabilities and suggest best practice improvements?
https://github.com/anchore/grype 5.6k stars, updated 3 days ago