Releases · slimtoolkit/slim

New vulnerability command and the epss subcommand to lookup EPSS scores for vulnerabilities.
Simple registry server command to have a local OCI registry (thank you Sarvesh Raj, @sarveshraj, for your contribution!).
Simple registry push command to push local images to a registry.
Simple images command to list container images.
RPM packaging for the apps (thank you Rohan Jamadagni, @Rohansjamadagni, for your contribution!)

Improvements

Enhanced registry pull command to pull images from authenticated registries.
quiet mode improvements (WIP) to hide the standard execution context output when it's enabled.
quiet mode for the images command.
Interactive prompt updates to include the images, registry and vulnerability commands and a couple of global flags.
Monitor Data Event Log (mondel) enhancement to improve the write path.

Binaries

See the INSTALLATION section in the README: https://github.com/slimtoolkit/slim?tab=readme-ov-file#installation

Contributors

Rohansjamadagni and sarveshraj

Assets 2

10 Dec 18:50

kcq

1.40.7

fc2a266

Multi-arch images, listing container images, improved minification

New Features

Simple registry image-index-create command to create multi-architecture images.
Simple images command to list container images.

Improvements

Improved ptmon syscall handling.
Enhanced mondel events with timestamps and sequence numbers.
Extra docker socket validation checks.
Version info on exit/failure.
Temp container cleanup improvements.
ARM image build scripts for the containerized distribution.

Bug Fixes

Websocket http probe bug fix.
Various ptmon bug fixes.

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

02 Nov 18:22

kcq

1.40.6

df98aa8

Minor features and improvements for xray, build, profile and debug as well as minor new sensor features

New Features

Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

target-app-running sensor lifecycle hook.
build/profile: --env-file to load env vars from a file.
build/profile: basic input validation to ignore malformed env var data for the --env flag.
build: Using internal output image builder by default (--image-build-engine flag)
Renamed the reverse engineered Dockerfile from Dockerfile.fat to Dockerfile.reversed (the reversed Dockerfile is also saved with the old name for backward compatibility

Bug Fixes

Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

01 Nov 23:28

kcq

1.40.5

b82e6d2

Minor features and improvements for xray, build, profile and debug as well as minor new sensor features

New Features

Sensor control commands to control sensor execution when running in the standalone mode (first command: stop-target-app).
xray - detect system identities (users, groups) and their properties (--detect-identities flag, enabled by default).
build - Keep the OS/libc zoneinfo data (--include-zoneinfo flag, disabled by default).
build/profile - Mon(itor) Data Event Log (aka mondel) - optional data event log for sensor monitors to log/stream monitor events (--enable-mondel main app flag, --mondel/-n sensor flag(s)).

Improvements

target-app-running sensor lifecycle hook.
build/profile: --env-file to load env vars from a file.
build/profile: basic input validation to ignore malformed env var data for the --env flag.
build: Using internal output image builder by default (--image-build-engine flag)
Renamed the reverse engineered Dockerfile from Dockerfile.fat
to Dockerfile.reversed

Bug Fixes

Various bug fixes (see commits/PRs for details)

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

26 Aug 02:04

kcq

1.40.4

d310b07

Improved `debug` command with new capabilities and enhanced UX

Improvements

Auto-complete in the interactive prompt mode for the target, namespace, pod and session flags
Interactive debug command terminal that runs as if you are connected directly to the target image you are debugging (enabled by default)
Basic sessions for debug command
Ability to show logs for the existing debug command sessions
More debug command flags (see README)
README docs updates for the debug command

Bug Fixes

Many debug command bug fixes

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

13 Jul 07:57

kcq

1.40.3

155f1b7

Debug command refresh and kubernetes support, appbom command, bug fixes

New Features

Kubernetes runtime support for the debug command
appbom command in the main app and --appbom flag in the sensor
merge command to merge two container images (optimized to merge two minified images)

Improvements

More debug command flags
README docs for the debug command
Ability to detect the Docker Desktop unix socket
Code and logging cleanup

Bug Fixes

Sensor volume fix for sensor symlinks (to address the Homebrew installed problems with sensor)
Various dependency updates to get security fixes

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

09 Jun 02:20

kcq

1.40.2

762eea8

Bug fixes and the experimental obfuscate-metadata build command flag to confuse vulnerability scanners

Improvements

New experimental build command flag to prevent the vulnerability scanners from discovering the metadata they need to identify the vulnerabilities (--obfuscate-metadata) inspired by the Malicious Compliance KubeCon EU 2023 talk

Bug Fixes

HEALTHCHECK instruction decoding enhancements to handle the data generated by buildah
fsutil format string bug fix

Binaries

Build them from source or download from a CDN location:

Linux
Linux ARM
Linux ARM64
Mac
Mac M1
Containerized: docker pull dslim/slim

Assets 2

Uh oh!

Releases: slimtoolkit/slim

Improved xray and build, new Docker Engine version support

New Features

Improvements

Bug Fixes

Binaries

Uh oh!

Sensor artifact post-processing bug fix

Bug Fixes

Binaries

Uh oh!

Enhanced Monitor Data Event Log (mondel)

Improvements

Binaries

Uh oh!

Simple container registry server and vulnerability EPSS lookup/query capabilities

New Features

Improvements

Binaries

Contributors

Uh oh!

Multi-arch images, listing container images, improved minification

New Features

Improvements

Bug Fixes

Binaries

Uh oh!

Minor features and improvements for xray, build, profile and debug as well as minor new sensor features

New Features

Improvements

Bug Fixes

Binaries

Uh oh!

Minor features and improvements for xray, build, profile and debug as well as minor new sensor features

New Features

Improvements

Bug Fixes

Binaries

Uh oh!

Improved `debug` command with new capabilities and enhanced UX

Improvements

Bug Fixes

Binaries

Uh oh!

Debug command refresh and kubernetes support, appbom command, bug fixes

New Features

Improvements

Bug Fixes

Binaries

Uh oh!

Bug fixes and the experimental obfuscate-metadata build command flag to confuse vulnerability scanners

Improvements

Bug Fixes

Binaries

Uh oh!