As creator and maintainer of the DockerSlim open source project and co-founder of Slim.AI, I’m often asked to share my story about how both came to be.
The roots of DockerSlim stretch back to 2013, when Docker Engine was introduced as an open source project. Yes, Linux containers existed well before then, but the introduction of Docker Engine was pivotal, because Docker made container technology simpler to use. Docker Engine did for containers what Apple did for mobile phones and music players; the technology existed before the iPhone and iPod, but Apple changed the game in terms of the user experience.
I should add that in 2014 Google open sourced Kubernetes, which joined Mesos and a few other container orchestrators already in existence. But by 2015, Docker Engine was well on its way to becoming the industry’s de facto container runtime, enabling containerized applications to run consistently on any infrastructure. With Docker, Kubernetes, and cloud computing converging like a perfect storm, the shift toward container-based infrastructure had clearly begun.
The shift to containerized applications brought its own set of challenges. In 2015, as a security professional and a developer, I observed that application developers were struggling with the finer points of getting containers ready for production. It was easy enough to create a proof of concept by copying and pasting container images that were readily available on the internet, but taking it to the next step to production-readiness—that is, a container that was optimized for both performance and security—was more challenging than it should be. Very few developers could or would invest in implementing best practices because of the expertise, time and manual work required to optimize a container, remove vulnerabilities, and minimize the attack surface.
That’s when I came up with the concept of DockerSlim—a tool for developers that would simplify that next step of preparing production-ready containers by automating container best practices. My vision was to offer to all developers (not just the container experts) a simple, user-friendly way of optimizing and securing containers before moving them to production.
The Adventure Begins
As it would happen, in late 2015, the Docker community held a Global Hack Day in Seattle, with a variety of companies in cities around the world hosting local events. I went to Seattle to explore whether or not the DockerSlim ship would set sail. I spent the first phase of the event sharing the concept of container minification and brainstorming with developers about optimizing and securing containers. Everybody I talked with seemed to like the concept of DockerSlim, which I described as “a magic diet pill for your containers.”
But, as we all know, there’s a big difference between theory and reality. During the functional phase of the event people saw firsthand that you really can take a fat container and make it much smaller; and not only does it still work, it works more reliably, efficiently, and securely!
That’s when the fun began. People were genuinely surprised and excited to see what DockerSlim could do, and the judges apparently saw the value in the idea too, because DockerSlim won 1st place for the Seattle Global Hack Day and took 2nd place in the global “plumbing” category.
The Birth of Open Source DockerSlim
The publicity that DockerSlim received as a result of winning the Global Hack Day competition exposed the project to a broader audience. That’s how the seeds were sown for the open source community that uses and supports DockerSlim today. It didn’t happen overnight. Instead, it was a gradual process as a grassroots community emerged and grew, nourished by word-of-mouth referrals.
At first, a few people reached out and started using DockerSlim, and they shared their experiences and their particular applications. Some of those people talked about the project at Docker community events, and eventually DockerSlim was mentioned in a Docker blog post and on Twitter. As more people used DockerSlim, users became contributors, expanding DockerSlim’s features and functions as they adapted it to meet their needs. One contributor, for instance, wanted to use DockerSlim on ARM 64, so he contributed the support for that functionality, which is now available to everyone.
DockerSlim, in fact, is a great example of why and how open source software works. People and organizations feel more comfortable adopting open source solutions because you know that if something needs to be fixed or improved, you or the community can make it happen. With proprietary solutions, you have to rely on the vendor to prioritize the change you want made. With open source, you own your own tool, whereas with commercial, closed source software, you’re at the vendor’s mercy. The open source approach is something we wanted for DockerSlim from the beginning. We knew we were on the right track, but the project was in its early phases and could benefit from adoption and contributions. The open source approach has been ideal for DockerSlim.
Hey, There’s a Business Here!
Around 2019, DockerSlim was gaining momentum, maturing as a solution, and developing a significant following among early adopters, and not just for one segment of users.
That’s a rarity: you usually make one segment happy with a solution, and the other segments and stakeholders don’t see the value or find it is at cross purposes with their own objectives; this creates internal friction and makes the path to widespread adoption more challenging. Fortunately, DockerSlim made a lot of stakeholders happy, including those who cared about developer experience, compliance, security, and budget. I also began to receive numerous requests for additional features and functionality, including interest in a more end-to-end experience.
Over a period of many months, I had conversations with John Amaral, whom I’d known for years, in addition to CloudLock founders (now of FXP Ventures) Gil Zimmermann, Ron Zalkind, and Tsahy Shapsa, and those who would become our early partners and employees. That year was filled with demos, white board sessions, and countless discussions about what developers want and need from containers as we mapped out the phases of product development and put the pieces in place to launch the company.
Slim.AI was born in 2020 on the premise that true software security comes from within. Our vision for developer-driven security is to empower developers to employ container best practices to deliver not only more efficient and performant software but more secure software as well. I invite you to follow our journey by signing in (for free) on the Slim SaaS platform and giving us feedback on what we can do better to help you.