Releases: slimtoolkit/slim
Releases · slimtoolkit/slim
Bug fixes and UX improvements
Improvements
- Ability to detect additional shells.
- Saving command report to /tmp directory if it's not possible to save it in the current working directory.
- Printing tag information for build command.
Bug Fixes
- Default
continue-aftervalue handling fix (removeprobemode if http probing is disabled). - Sensor not exiting when it's trying to copy a directory it already copied.
Binaries
Build them from source or download from a CDN location:
Many new xray capabilities including duplicate file, utf8 file and shell detection
New Features
- Ability to find duplicate files for xray (
--detect-duplicates,--show-duplicates) - Ability to find all utf8 encoded files for xray using the
--detect-utf8flag (optionally dumping them to console, directory or tar file). - Ability to find the files with special permissions (
--show-special-perms). - Ability to find all installed shells for xray.
- Container entry information for xray with file detection.
- Inherited image instructions (aka ONBUILD instructions) for xray.
- More image level stats for xray.
Improvements
- Multiple tags for the build command.
--http-probe-offflag for the build command to provide a shortcut to disable HTTP probing.- Flexible target image handling to use non-default tags if the
latesttag doesn't exist and no explicit tag is provided.
Binaries
Build them from source or download from a CDN location:
New XRAY capabilities, application probing enhancements, many new build, runtime and optimization flags and colors for the console output.
New Features
- Console color output (on by default; disable with
no-color) - Loading http probe request data from separate files
- Ability to execute external probe commands (
--http-probe-execand--http-probe-exec-fileflags) - Ability to preserve original files in the target container discarding its test runtime data (
--preserve-pathand--preserve-path-file) - Ability to pull container images if they don't exist locally yet (
--pulland--show-plogs) - File hashing for xray (
--hash-data) - Additional flags to control the xray command executions (
--top-changes-max,--reuse-saved-image) - Ability to match by file path, file data and file hash for xray (
--change-path value,--change-data value,--change-data-hash value)
Improvements
- Lots of additional container build flags (
--tag-fat,--cbo-add-host,--cbo-build-arg,--cbo-label,--cbo-target,--cbo-network,--cbo-cache-from). - Additional container runtime flags (
--cro-runtime) sigintshould kill the running container (#186)
Bug Fixes
- Various xray image layer inspection bug fixes
Binaries
Build them from source or download from a CDN location:
New XRAY command flags, bug fixes and UX improvements
New Features
- New
xrayflags to control what layer change data to include in the generated reports (layer-changes-max,all-changes-max,add-changes-max,modify-changes-max,delete-changes-max)
Improvements
hostnetwork flag handling enhancements.- Returning non-zero exit codes on failures
- Additional image checks to catch missing ENTRYPOINT/CMD instructions
Bug Fixes
- Fixed container image listing bug that broke the
--targetvalue suggestions in the interactive prompt mode.
Binaries
Build them from source or download from a CDN location:
exec/exec-file build flags, cleanup and bug fixes
New Features
- Ability to interact with the temporary containers using the new
--execand--exec-fileflags (thanks to@nathants).
Improvements
- NPM support enhancements
- Various bug fixes
Binaries
Build them from source or download from a CDN location:
seccomp generation and external test integration improvements
New Features
- Mapping container ports to specific host ports analyzing image at runtime (
--publish-portand--publish-exposed-portsflags)
Improvements
seccompsecurity profile generation capability updates- User namespace handling improvements (thanks to
@solarnz)
Binaries
Build them from source or download from a CDN location:
Experimental lint command, HTTP crawling and other improvements
New Features
lintcommand (initial Dockerfile linting capabilities with a basic set of checks)- HTTP probe crawler (automatically probes additional endpoints referenced in the processed targets; see the
--http-probe-crawland related flags)
Improvements
- ARM64 support (need more people to test!)
--http-probe-exit-on-failureflag to exit execution when all HTTP probe calls fail--include-bin-fileand--include-exe-fileflags to make it easier to specify multiple binaries and executables loading them from filesxraycommand report enhancements
Binaries
Build them from source or download from a CDN location:
Interactive CLI prompt and xray command improvements
New Features
- Interactive CLI prompt. For more info about the interactive prompt see
go-prompt.
Improvements
xraycommand output improvements- Additional image data saved with the
xraycommand reports (--add-image-manifestand--add-image-configflags)
Binaries
Build them from source or download from a CDN location:
xray command improvements with more information and more command parameters
New Features (includes 1.28.0)
xraycommand enhancements to show the detailed container image information including its layers and their files and directories (initial version).
Enhancements
- New
xrayparameters to control how much to show when it's printing the layer details (--changes value and --layer value) - Image history enhancements and more data saved in the
xraycommand reports - The
--exclude-patternbuildparameter to filter/exclude the artifacts in the optimized container.
Binaries
Build them from source or download from a CDN location:
Enhanced xray command to show the detailed container image information including its layers and their files and directories
Status
Outdated (use the new 1.28.1 release instead)
New Features
xraycommand enhancements to show the detailed container image information including its layers and their files and directories (initial version).
Enhancements
- The
--exclude-patternbuildparameter to filter/exclude the artifacts in the optimized container.
Binaries
Build them from source or download from a CDN location: