--cro-host-config-file,--cro-sysctland--cro-shm-sizeflags.- M1 builds.
- xray and sensor volume detection bug fixes.
- Ability to detect additional shells.
- Saving command report to /tmp directory if it's not possible to save it in the current working directory.
- Printing tag information for build command.
- Default
continue-aftervalue handling fix (removeprobemode if http probing is disabled). - Sensor not exiting when it's trying to copy a directory it already copied.
- Ability to find duplicate files for xray (
--detect-duplicates,--show-duplicates). - Ability to find all utf8 encoded files for xray using the
--detect-utf8flag (optionally dumping them to console, directory or tar file). - Ability to find the files with special permissions (
--show-special-perms). - Ability to find all installed shells for xray.
- Container entry information for xray with file detection.
- Inherited image instructions (aka ONBUILD instructions) for xray.
- More image level stats for xray.
- Multiple tags for the build command.
--http-probe-offflag for the build command to provide a shortcut to disable HTTP probing.- Flexible target image handling to use non-default tags if the
latesttag doesn't exist and no explicit tag is provided.
change-match-layers-onlyxray flag to print only the layers that contain the matches.
- xray enhancement: printing to console by default for pattern or data matches.
- Various xray command bug fixes.
- Ability to combine
probeandexeccontinue-aftermodes
- Various xray command bug fixes
- Console color output (on by default; disable with
no-color) - Loading http probe request data from separate files
- Ability to execute external probe commands (
--http-probe-execand--http-probe-exec-fileflags) - Ability to preserve original files in the target container discarding its test runtime data (
--preserve-pathand--preserve-path-file) - Ability to pull container images if they don't exist locally yet (
--pulland--show-plogs) - File hashing for xray (
--hash-data) - Additional flags to control the xray command executions (
--top-changes-max,--reuse-saved-image) - Ability to match by file path, file data and file hash for xray (
--change-path value,--change-data value,--change-data-hash value)
- Lots of additional container build flags (
--tag-fat,--cbo-add-host,--cbo-build-arg,--cbo-label,--cbo-target,--cbo-network,--cbo-cache-from). - Additional container runtime flags (
--cro-runtime) sigintshould kill the running container (#186)
- Various xray image layer inspection bug fixes
- New
xrayflags to control what layer change data to include in the generated reports (layer-changes-max,all-changes-max,add-changes-max,modify-changes-max,delete-changes-max)
hostnetwork flag handling enhancements.- Returning non-zero exit codes on failures
- Additional image checks to catch missing ENTRYPOINT/CMD instructions
- Fixed container image listing bug that broke the
--targetvalue suggestions in the interactive prompt mode.
- Ability to interact with the temporary containers using the
--execand--exec-fileflags
npmsupport enhancements (makes it possible to usenpm startin Dockerfiles, which isn't recommended though)
- Various bug fixes.
- Mapping container ports to specific host ports analyzing image at runtime (
--publish-portand--publish-exposed-portsflags)
seccompsecurity profile generation capability updates- User namespace handling improvements (thanks to
@solarnz)
- Experimental HTTP probe command generation based on the API descriptions from the Swagger and OpenAPI specs (
--http-probe-apispecand--http-probe-apispec-fileflags) - Image metadata editing capabilities to add, remove and update the LABEL, VOLUME, EXPOSE, ENV and WORKDIR instructions (
--new-workdir,--new-expose,--new-label,--new-volume,--remove-volume,--remove-env,--remove-label,--remove-exposeand--image-overridescombined with--expose,--workdir,--env,--volume,--label,--env)
- Layer change details available in the
xraycommand reports when the--changesflag is set. - System and engine information in the command reports to improve debugging
- Ability to enable crawling for the HTTP probes specified using the
--http-probe-cmdflag - Improved HTTP probe crawler documentation
lintcommand (initial Dockerfile linting capabilities with a basic set of checks)- HTTP probe crawler (automatically probes additional endpoints referenced in the processed targets; see the
--http-probe-crawland related flags)
- ARM64 support (need more people to test!)
--http-probe-exit-on-failureflag to exit execution when all HTTP probe calls fail--include-bin-fileand--include-exe-fileflags to make it easier to specify multiple binaries and executables loading them from filesxraycommand report enhancements
- Interactive CLI prompt
xraycommand output improvements- Additional image data saved with the
xraycommand reports (--add-image-manifestand--add-image-configflags)
- New
xrayparameters to control how much to show when it's printing the layer details (--changes valueand--layer value) - Image history enhancements and more data saved in the xray command reports
xraycommand enhancements to show the detailed container image information including its layers and their files and directories (initial version).
- The
--exclude-patternbuildparameter to filter/exclude the artifacts in the optimized container.
- Option to set permissions, user and group information for the artifacts included with the
--include-*parameters. - Option to overwrite the permissions and ownership info in the optimized image using the new
--path-permsandpath-perms-fileparameters.
- Option to run the containerized application using user and group information from the USER instruction.
- Filter leftover PID files.
- UX enhancements for the containers created using Dockerfiles.
- Additional debugging information.
- Support for special install directories on Linux (to prevent failures when
docker-slimis trying to save its state).
- Saving command execution report, by default (
slim.report.json). - CLI output UX enhancements.
- Docker connect info checks.
- Version check fixes when running in containers.
- Run
docker-slimin containers. - New distribution option (
dslim/docker-slimimage available in Docker Hub). - Archive
docker-slimstate into a separate Docker volume.
- Default to continuing
docker-slimexecution after the http probing step is done when http probing is enabled. - Improved IPC.
- Improved seccomp and metadata artifact copy option.
- Improved execution report.
- Build minified images from
sourceusing the new--from-dockerfilebuild flag (seeREADME.mdfor details).
- Custom HTTP POST probes support request bodies
- Enhanced build command reports with additional container image metadata (using the global
--reportflag) - Ability to update the minified image Dockerfile instructions (using the --new-cmd, --new-entrypoint, --new-expose, --new-workdir, --new-env and --image-overrides flags)
- Dockerfile volume support
- HTTP probes by default (you will have to disable HTTP probes if you don't need them)
- Various UX enhancements to provide better CLI feedback and to avoid generating minified images that might not work
- TTY bug fix caused by an external dependency (used to track update download progress)
- Experimental ARM32 support
- Easy way to keep a shell in your image (just pass
--include-shellto thebuildcommand) - Easy way to include additional executables (
--include-exeflag) and binary objects (--include-binflag), which will also include their binary dependencies, so you don't have to explicitly include them all yourself updatecommand - now you can updatedocker-slimfromdocker-slim!- Current version checks to know if the installed release is out of date
- Improvements to handle complex
--entrypointand--cmdparameters
- Better Mac OS X support - when you install
docker-slimto /usr/local/bin or other special/non-shared directories docker-slim will detect it and use the /temp directory to save its artifacts and to mount its sensor - HTTP Probing enhancements and new flags to control the probing process
- Better Nginx support
- Support for non-default users
- Improved symlink handling
- Better failure monitoring and reporting
- The
--include-path-fileoption to make it easier to load extra files you want to keep in your image - CentOS support
- Enhancements for ruby applications with extensions
- Save the docker-slim command results in a JSON file using the
--reportflag - Better support for applications with dynamic libraries (e.g., python compiled with
--enable-shared) - Additional network related Docker parameters
- Extended version information
- Alpine image support
- Ability to override ENV variables analyzing target image
- Docker 1.12 support
- User selected location to store DockerSlim state (global
--state-pathparameter). - Auto-generated seccomp profiles for Docker 1.10.
- Python 3 support
- Docker connect options
- HTTP probe commands
- Include extra directories and files in minified images