Minify your container by up to 30x to be more secure (free and open source)

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • SonarLint - Clean code begins in your IDE with SonarLint
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • Zigi - The context switching struggle is real
  • Scout APM - Truly a developer’s best friend
  • cruftspy

    Detect unnecessary files in Docker images

    Like others here, I wasn't very happy about automatic coverage, so I made this instead https://github.com/viraptor/cruftspy

    Instead of going extreme with coverage analysis, it shows places that can be manually cleaned during the build process. Maybe someone will find it useful. Smaller space gains, but gives more confidence.

  • distroless

    🥑 Language focused docker images, minus the operating system.

    Scratch is blank. Distroless includes some Debian components that removes a bunch of "gotchas" that some people relying on scratch run into.

    - ca-certificates

    - A /etc/passwd entry for a root user

    - A /tmp directory

    - tzdata

    - glibc

    - libssl

    - openssl

    https://github.com/GoogleContainerTools/distroless/tree/main...

  • SonarLint

    Clean code begins in your IDE with SonarLint. Up your coding game and discover issues early. SonarLint is a free plugin that helps you find & fix bugs and security issues from the moment you start writing code. Install from your favorite IDE marketplace today.

  • docker-show-context

    Show where time is wasted during the context upload of `docker build`

    I've had great success with reducing image size by running docker-show-context (https://github.com/pwaller/docker-show-context) and eliminating big and unnecessary files that it reports. This seems to go just a bit further than that with what seems like more complexity. I got timeouts when following their instructions to run it on two different containers, one of which is just a very simple web server.

  • dive

    A tool for exploring each layer in a docker image

    This is interesting for optimizing build time. But I think it works a bit different from docker-slim, which is focused on the final resulting image size.

    Dive is a good tool for the latter IME. https://github.com/wagoodman/dive

    It doesn't do the work for you, but it does single out the big layers in your image.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts