Jit Reduces Container Size 90% And Cuts Bootstrap Time in Half
Anne James
Feb 17, 2023
DevSecOps leader Jit came to Slim.AI seeking to create a better experience for their users in terms of security and velocity. That meant a reduction in both container size and vulnerabilities. Like many organizations of their size, Jit didn’t want to dedicate resources to deal with container hardening and optimization, instead keeping their developers focused on building.
Manual vulnerability remediation is rapidly becoming out of the question for organizations aiming to stay competitive and meet the security demands of their customers. As reported in the 2022 Public Container Report, the average public container now has 387 packages — a 14% increase compared to 2021. The license count in the 165 most-used public containers on Docker Hub exploded 2.5x from 2021 to 2022. There are increases in container layer count and average size, as well. This complexity leads to more difficult debugging, more onerous record-keeping, and slower deployments in general.
Jit was drawn to the easy lift of integrating Slim.AI’s automatic vulnerability removal within their CI/CD. “I found Slim’s approach innovative, promising and worth exploring, especially due to the low integration effort compared to the potential benefit,” says David Melamed, Jit CTO & Co-Founder.
Jit and the Slim.AI team worked together to automate their container hardening process by creating repeatable container hardening settings that can be used every time Jit makes a code change. A container’s hardening settings are developed by adding a new container layer with sensors that observe while the container runs, sending observations back to Slim.AI.
Working with Slim.AI, Jit achieved their goal of significantly reducing the size of their containers, which they did consistently by 30–90%. “We reduced a container from 1.2 GB to 100 MB. I did not expect it to be that much and I was happily surprised,” says Melamed.
Jit is now hardening dozens of containers as part of their CI. On some containers, they’ve seen a 100% elimination of critical and high risk vulnerabilities, saving them hundreds of hours of manual vulnerability remediation per year and increasing dev velocity. Jit is also seeing storage and platform usage cost savings, halving boot times and reducing the average time to scan a container by 21%.
share
Related Articles
Introducing Slim's Scanner Orb for CircleCI
Get vulnerability and container composition analysis with every new container build
Heather Thacker
Contributor
Jit Reduces Container Size 90% And Cuts Bootstrap Time in Half
DevSecOps platform achieves a step change in DevX with minimal integration effort
Anne James
Product Marketing Manager
Increasing Your CI/CD Velocity with Slim Containers
We’ll explain what Slim Containers are, how they speed up the build process, and how they can improve the efficiency of your testing.
Mike Mackrory
Contributor
Are Scratch Containers More Secure?
We dive into the intricacies of whether or not you should build a container from scratch, or use a tool like DockerSlim to harden your containers.
Building SlimToolkit into a Jenkins Pipeline
A step by step tutorial on building SlimToolkit into your CI/CD pipeline.
Integrate Testing into Your Container Pipeline
A closer look at testing within container pipelines, CI/CD, software delivery, and containerization.
Faith Kilonzi
Software Engineer
Creating a Container Pipeline with GitLab CI
Shipping containers the easy way
Improving the Developer Experience When Adopting Cloud-Native Best Practices
PaymentWorks Case Study
Josh Viney
Product
Q&A With Priceline CTO Marty Brodbeck
We talk container workflows, DevX, and cloud-native at scale
Improving the Developer Experience When Adopting Cloud-Native Best Practices
PaymentWorks Case Study
Josh Viney
Product