Some scanners do better than others, but it's a common problem with scanners. DockerSlim ends up exposing their primitive and hacky design :-) Instead of trying to make the broken scanners work, DockerSlim will produce its own component metadata.
I'm building a minified ubuntu:20.04 based image with a few applications. I have to specify the applications to keep manually using several include statements as shown below.
```
# The --include-* flags restore the dependencies listed below
docker run -it --rm \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v ${DOC_BUILD_ROOT}/docker-slim-state:/bin/.docker-slim-state \
  dslim/docker-slim build \
  --http-probe=false \
  --continue-after 1 \
  --tag=${IMAGE}.slim:${VERSION} \
  --include-shell \
  --include-path=/etc \
  --include-bin=/bin/sh \
  --include-bin=/bin/sleep \
  --include-bin=/sbin/ip \
  --include-bin=/usr/bin/python3 \
  --include-path=/usr/bin/supervisorctl \
  --include-bin=/usr/sbin/tcpdump \
  --include-path=/lib/libgcc_s.so.1 \
  --include-path=/lib/x86_64-linux-gnu/libgcc_s.so.1 \
  --include-path=/usr/lib/python3 \
  --include-path=/usr/lib/python3.8 \
  --include-path=/usr/local/lib/python3.8 \
  --include-path=/opt/ \
  --include-path=/var/log \
  ${IMAGE}:${VERSION}
```
Minifying an image appears to break scanning tools such as 'docker scan' and 'docker sbom'. These scanning tools are unable to properly scan/inventory my 'slim' image. Is there a way to specify a list of dpkg (dpkgdb) packages to keep, or some other way of preserving dpkgdb for the packages I want to keep?
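One possible approach to the question above, as an added example that is not part of the issue or of DockerSlim: trim a copy of `/var/lib/dpkg/status` down to the stanzas of the packages being kept, so the package database describes only what remains in the image. It assumes the scanner inventories Debian packages from that file; the function names, the keep-list file and the sample stanzas (including their version strings) are constructed, and how the trimmed file is placed into the slim image is left to the build.

```shell
#!/bin/sh
# Added example: keep only selected package stanzas from a dpkg status file.
# Usage: filter_dpkg_status KEEP_LIST < /var/lib/dpkg/status > status.trimmed
# KEEP_LIST (hypothetical file) holds one package name per line.
filter_dpkg_status() {
  awk -v keep_file="$1" '
    BEGIN {
      # Read the keep list line by line, then switch to paragraph mode.
      while ((getline name < keep_file) > 0)
        if (name != "") keep[name] = 1
      close(keep_file)
      RS = ""   # one record per blank-line-separated stanza
    }
    {
      n = split($0, line, "\n")
      pkg = ""
      for (i = 1; i <= n; i++)
        if (line[i] ~ /^Package: /) { pkg = substr(line[i], 10); break }
      sub(/[ \t\r]+$/, "", pkg)
      # Emit the stanza unchanged, continuation lines included.
      if (pkg in keep) { print $0; print ""; seen[pkg] = 1 }
    }
    END {
      # Flag requested packages that have no stanza, so gaps are visible.
      for (name in keep)
        if (!(name in seen)) print "missing: " name > "/dev/stderr"
    }
  '
}

# Constructed sample input in dpkg status format (not taken from a real image).
sample_status() {
  cat <<'EOF'
Package: tcpdump
Status: install ok installed
Architecture: amd64
Version: 0.0.0-constructed1
Description: command-line network traffic analyzer
 Constructed sample stanza with a continuation line.

Package: vim
Status: install ok installed
Architecture: amd64
Version: 0.0.0-constructed2

Package: python3
Status: install ok installed
Architecture: amd64
Version: 0.0.0-constructed3
EOF
}
```

A stanza kept this way claims the whole package is installed, so it is only accurate for packages whose files actually survive minification.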