brew install multipass
multipass launch 20.04 --name my-docker-alt
multipass shell my-docker-alt
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo docker run --rm -t hello-world
In terms of automatic remediation, you could scan for vulnerabilities automatically as a separate CI process using Renovate (open source IIRC), or Dependabot (built into GitHub, also at least partially open-source IIRC), both of which are quite bad-ass in that, if you configure them this way, they will automatically update all of your vulnerable dependencies and open+merge a PR for you. Not the real-time container scanning, but more like automated proactive maintenance to ensure that you can crank out meaningful dot-releases that include security updates at the drop of a hat. Assuming that the PR merges into a branch that you have your container-building CI run against, that means refreshed, updated containers regularly. It also means that you never go back to regularly-scheduled manual (if ever) dependency updates.
I'm not a Mac person but apparently yes, though not natively without a backing Linux VM a la podman-machine or vagrant. I have not had the opportunity to try it but podman-compose looks fun.