Building SlimToolkit into a Jenkins Pipeline

Martin Wimpress
← Slim Blog

Despite all the hype that GitHub Actions, GitLab Runner, and other similar solutions receive, the true workhorse in the world of enterprise CI/CD is Jenkins. Jenkins has been around for over a decade at this point, and it will run essentially anywhere that an organization wants it to run. The Jenkins installation guide covers Kubernetes, containers, and multiple operating systems, and it can be hosted on-premises, in the public cloud, or even on a developer’s laptop.

In this tutorial, we will show you how to build SlimToolkit into a Jenkins pipeline. For our purposes, we’ll assume that you have a system running Docker Community Edition with Internet access. Docker Desktop will also work.

Let’s get into it!

Two-Step Guide to Running a Basic, Temporary Jenkins Instance

If you do not have an existing Jenkins instance available, you can set up a temporary one on any VM running Docker. To get the basic installation of Jenkins running successfully, the documentation strongly recommends that you have at least 4GB of RAM and 10GB of disk space available.

Based on the Jenkins Installation on Linux documentation, we need to install git, wget, and Jenkins, then enable Jenkins to run Docker commands and start the service. You can do all of that as follows:

sudo yum upgrade -y
sudo yum install java-11-openjdk git wget -y
sudo wget -O /etc/yum.repos.d/jenkins.repo \
sudo rpm --import
sudo yum install jenkins -y
sudo useradd -G docker jenkins
sudo systemctl daemon-reload
sudo systemctl enable --now jenkins.service

After that, Jenkins will be running on the host on port 8080, and it will want to know the admin password that was generated. This is the command to extract it:

cat /var/lib/jenkins/secrets/initialAdminPassword

Jenkins is now ready to go. You can access it with the password that was output by the command. (It will look something like this: 4444abc2222def6666fed7777cba111.) The first time you connect, you can select the default plugins and create a user, if desired.

The Process Flow from Application Source to Image

The process flow below includes adding SlimToolkit. Things can get far more complex, but this illustrates how easy it is to add SlimToolkit and begin taking advantage of its many benefits, including security posture and container size optimization.

Creating a Jenkins Pipeline with a Basic Script

Jenkins runs its multi-stage jobs as pipelines. For our tutorial, we’ll create a minimalist pipeline that will retrieve the source code and build it as a container.

As you can see below, our Jenkins dashboard is empty. Let’s start by adding a new item:

Now, we need to pick “Pipeline” as the type of item to create.

Once you’ve selected “Pipeline,” scroll all the way down to the bottom of the configuration screen. We will be creating our pipeline using a script.

Our script will perform several functions:

  1. Clone the source code repository.
  2. Switch to the main branch.
  3. Build the container.
  4. List the container image (including its size).

Here is the code for the pipeline script:

pipeline {
  agent none
  stages {
   stage('Clone sample container repository') {
      agent any
      steps { sh 'rm -rf nginx-site-a'
        sh 'git clone'
        sh 'cd nginx-site-a ; git checkout main'
    stage('Building the container') {
      agent any
      steps {
        sh 'cd nginx-site-a ; docker build -t .'
    stage('List images') {
      agent any
      steps {
        sh 'docker images'

The next step is to run “Build Now.” When it finishes, we’ll view the output contained in the build log.

You can view the logs by clicking “Console Output” under “Build History.”

You can see the sizes at the bottom of the log:

[Pipeline] { (List images)
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/tutorial-pipeline
[Pipeline] {
[Pipeline] sh
+ docker images
REPOSITORY      TAG     IMAGE ID   CREATED    SIZE  latest   0ad6571ed2ac     1 second ago  142MB
nginx       latest   670dcc86b69d     7 days ago    142MB
[Pipeline] }

Now we have a baseline that we can use to see to what extent DockerSlim will improve things.

Installing SlimToolkit on the Host

SlimToolkit is one of the easiest utilities to install.

The first step is to go to the release page and grab the latest release. In this case, that’s version 1.37.5, which you can find here.

wget -O dist_linux.tgz \
tar.gztar -xzf dist_linux.tgz
install dist_linux/docker-slim* /usr/bin/

We can confirm that it works like this:

$ docker-slim -v
docker-slim version linux|Transformer|1.37.5|86fbd29ab3549fa564e87e4770178480cb0542d3|2022-03-21

Adding SlimToolkit to the Pipeline

This is as easy as adding a separate step to the pipeline. In our case, it comes before the “List Images” step. For more information about using SlimToolkit, the best place to start is the on the GitHub page.

 stage('Running DockerSlim') {
      agent any
      steps {
        sh 'docker-slim build'

Re-Running the Pipeline and Viewing the Sizes in the Console Output

After the job finishes, navigate back to “Build History” and select “Console Output.” If you scroll to the bottom of the log, you can view the output. As you can see, the new container that we built (which is 12MB) is much, much smaller than the one we started with (which was 142MB).

[Pipeline\] sh
+ docker images
REPOSITORY      TAG   IMAGE ID   CREATED   SIZE   latest   bfcc5125d200  1 second ago  12MB
docker-slim-empty-image  latest   01e6adb432f4  21 seconds ago  0B   latest   0ad6571ed2ac  26 minutes ago  142MB
nginx       latest   670dcc86b69d  7 days ago   142MB


SlimToolkit is an invaluable tool for creating lightweight containers that are more secure by default. It can be run in production to improve your overall security posture. Regardless of whether the actual container build is performed by Docker, Packer, or another tool, SlimToolkit can perform its magic as long as the container is OCI-compliant.

To learn more about SlimToolkit and how to use it in containerized pipelines, you can sign up for the Slim.AI developer platform.

Make security collaboration easier today

Join the waitlist to try out Slim's shared workspace for communicating and coordinating vulnerability fixes with your software vendors.
Responsive HubSpot Form

Join our Beta

Take the complexity and frustration out of coordinating vulnerability fixes with your vendors.

  • Communicate directly in the platform to assign owners, due dates and negotiate fixes
  • Get a view into the status of each vulnerability
  • Receive notifications the moment vulnerabilities are fixed

Additionally, our Beta users get access to:

  • Multiple vulnerability scanners
  • SBOM generation
  • Reachability analysis
  • Enhanced container intelligence software
  • Dedicated Support

Join our Beta

Take the frustration out of vulnerability fixes with software vendors directly on our platform.

  • Assign owners, set due dates, track vulnerability statuses, and get instant fix notifications.
  • Beta users gain access to multiple scanners, SBOM generation, reachability analysis, enhanced container intelligence, and dedicated support.