Our great sponsors
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
Tendis
Tendis is a high-performance distributed storage system fully compatible with the Redis protocol.
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
-
-
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Maybe this would help in that regard: https://github.com/docker-slim/docker-slim
See: Distroless images[0]
This is one of the huge benefits of recent systems languages like go and rust -- they compile to single binaries so you can use things like scatch[1] containers. You may have to fiddle with gnu libc/musl libc (usually when getaddrinfo is involved/dns etc), but once you're done with it, packaging is so easy.
Even languages like Node (IMO the most progressive of the scripting languages) have packages like vercel/pkg[2] which produce native binaries.
BTW if you're considering running redis these days... Check out KeyDB[3], it's impressive. There are a lot of redis alternatives with interesting features these days that I wonder if running vanilla redis is even a good idea anymore (outside of ensuring complete feature-set compatibility).
[0]: https://github.com/GoogleContainerTools/distroless
[1]: https://hub.docker.com/_/scratch/
[2]: https://github.com/vercel/pkg
[3]: https://docs.keydb.dev
See: Distroless images[0]
This is one of the huge benefits of recent systems languages like go and rust -- they compile to single binaries so you can use things like scatch[1] containers. You may have to fiddle with gnu libc/musl libc (usually when getaddrinfo is involved/dns etc), but once you're done with it, packaging is so easy.
Even languages like Node (IMO the most progressive of the scripting languages) have packages like vercel/pkg[2] which produce native binaries.
BTW if you're considering running redis these days... Check out KeyDB[3], it's impressive. There are a lot of redis alternatives with interesting features these days that I wonder if running vanilla redis is even a good idea anymore (outside of ensuring complete feature-set compatibility).
[0]: https://github.com/GoogleContainerTools/distroless
[1]: https://hub.docker.com/_/scratch/
[2]: https://github.com/vercel/pkg
[3]: https://docs.keydb.dev
as is stated initially, that goes back to how bitnami is building its Docker images, basing on a set of debian packages (minideb) - there's also a shell library/framework embedded that does useful things, but that makes you read more code when you go check how the sausage is made. That minideb is the basis for the higher CVE count compared to scratch or alpine images.
> it’s a well-kept secret that no one wants to talk about
the maintainer side most casual docker image users aren't aware of I'd rephrase, but bitnami at least documents the issue
https://github.com/bitnami/minideb#security
https://docs.bitnami.com/kubernetes/open-cve-policy/
redis 12:06:41.46 Submit issues and feature requests at https://github.com/bitnami/containers/issues