DevSecOps leader Jit came to Slim.AI seeking to create a better experience for their users in terms of security and velocity. That meant a reduction in both container size and vulnerabilities. Like many organizations of their size, Jit didn’t want to dedicate resources to deal with container hardening and optimization, instead keeping their developers focused on building.
Manual vulnerability remediation is rapidly becoming out of the question for organizations aiming to stay competitive and meet the security demands of their customers. As reported in the 2022 Public Container Report, the average public container now has 387 packages — a 14% increase compared to 2021. The license count in the 165 most-used public containers on Docker Hub exploded 2.5x from 2021 to 2022. There are increases in container layer count and average size, as well. This complexity leads to more difficult debugging, more onerous record-keeping, and slower deployments in general.
Jit was drawn to the easy lift of integrating Slim.AI’s automatic vulnerability removal within their CI/CD. “I found Slim’s approach innovative, promising and worth exploring, especially due to the low integration effort compared to the potential benefit,” says David Melamed, Jit CTO & Co-Founder.
Jit and the Slim.AI team worked together to automate their container hardening process by creating repeatable container hardening settings that can be used every time Jit makes a code change. A container’s hardening settings are developed by adding a new container layer with sensors that observe the container while it runs and send their observations back to Slim.AI.
Working with Slim.AI, Jit achieved their goal of significantly reducing the size of their containers, consistently shrinking them by 30–90%. “We reduced a container from 1.2 GB to 100 MB. I did not expect it to be that much and I was happily surprised,” says Melamed.
Jit is now hardening dozens of containers as part of their CI. On some containers, they’ve seen a 100% elimination of critical and high-risk vulnerabilities, saving them hundreds of hours of manual vulnerability remediation per year and increasing dev velocity. Jit is also seeing storage and platform usage cost savings, halving boot times and reducing the average time to scan a container by 21%.