Slim Developer Platform Changelog

Team Slim typically releases new features and functionality to our web portal, CLI, and APIs weekly. Bookmark this page and check frequently to get the latest.

Recent Releases

August 17th, 2023: Slim Platform

Updated Login View

We've given our Login page a new look and feel to reflect the evolution of the Slim brand. This also includes an updated Product Tour that gives users a glimpse into our Dashboard experience, image watching, Slack integration tooling, container profiling, and automated hardening.

New Security Overview

A "Security" view has been added to the Slim Platform. This is the future home of our Security features for triaging and managing vulnerabilities.

Vulnerability Burndown Chart

Our image vulnerability Burndown charts have been updated to provide an improved user experience.

Dashboard Performance

Performance improvements to the Dashboard were made to more quickly display customer image inventory for our larger customers.

UX

Updates to the Dashboard "hero stats" widgets now highlight two "Coming Soon" features to create a more visually consistent experience.

Deprecation

We have removed Bitbucket as a Sign Up / Login option

August 7th, 2023: Slim Platform

Reachability for Vulnerability Prioritization

The Reachability feature allows for users to see a prioritized list of vulnerabilities in an image based upon their level of severity, if they are considered to be fixable, and if they are “reachable” within the Container Profile views. After a container is profiled, packages that are observed to be running are considered Reachable Packages and should enable teams to better prioritize which vulnerabilities to focus on remediating.

New Dashboard Now Available to All Users

A new Dashboard, recurring scanning, and Slack notifications for the images users care about. Users can add image:tags from their connected registries for us to continuously scan. We call these “watched images,” and they are listed on the Dashboard in the “Secured Images” table. The Dashboard displays some key stats about their coverage with Slim. We will scan image:tags for changes ad hoc (whenever a user runs a scan in the Portal) and at least daily.

You can authenticate with Slack and select a channel to send Vulnerability Diff information to on a per-image:tag basis.

Burndown Chart for Container Image Analysis

Users can view a graphical vulnerabilities “burndown chart” when viewing container image profiles to assess how Slim has improved the security of their containers over time.

July 20th, 2023: Slim Portal

AWS ECR bug fix

There was a bug that prevented AWS ECR users with an _ (underscore) as the "namespace" for their images has been resolved.

Hardened community images

We have references to hardened Community Images to the Onboarding Search screen. These link to the image:tag pages for the images and allow users to take a deeper look into popular images that have been taken through the hardening process.

July 20th, 2023: Slim CLI: Version 0.0.17

  • Default `slim instrument` (or `slim inst`) and `slim harden` (or `slim hard`) default timeout flag value increased to 15 minutes to match the backend attempt timeout. Previously, the default was set to 5 minutes if no value was specified.

July 5th, 2023: Slim Portal

Improved Onboarding Experience

New users to the Slim product will experience a focused Onboarding experience that invites them to Connect a Registry right away, so that we can begin scanning and helping them secure their images.

New users who want to see what Slim offers prior to connecting a registry, will have the ability to quickly experience our scanning capabilities by searching for public images and viewing our Xray, Vuln, and Package scan information. The focus our our image:tag scan experience has changed from being container expert focused to security focused highlighting vulnerabilities over container composition. They will be sent through the onboarding flow on subsequent visits until they decide to Connect a Registry or until they join an Org via invitation.

New Dashboard and Slack Integration (Design Partners only)

Users who opt to Connect a Registry, will have access to a new Dashboard, recurring scanning, and Slack notifications for the images they care about. They can add image:tags from their connected registries for us to continuously scan. We call these “watched images,” and they are listed on the Dashboard in the “Secured Images” table. The Dashboard will also display some key stats about their coverage with Slim including the number of registries connected, the ratio of watched to unwatched repos, the ratio of watched to unwatched image:tags, and the total number of images we’ve scanned for them. We will scan image:tags for changes ad hoc (whenever a user runs a scan in the Portal) and at least daily.

You can authenticate with Slack and select a channel to send Vulnerability Diff information to on a per-image:tag basis.

Burndown Chart for Container Image Analysis

Users can view a graphical “burndown chart” on the image:tag page for a given image:tag to see how it’s vulnerabilities have changed over time.

May 25, 2023: Slim Portal

Image profile overview

The new image profile overview page highlights key security information about your image. This page provides a summary of vulnerabilities, the packages impacted by high and critical vulnerabilities, and all of the other key information about the image. Deep dive into the image details and vulnerabilities using the left navigation tabs.

Harden page

The new Harden section of the Slim Portal makes it easy to jump back into the hardening process where you left off. The Hardening in Progress tab displays all images that are in the process of being hardened. Once you mark a hardened image as complete, indicating that the hardened image can now replace the original image, we list that image in the Hardened tab.

My registries updates

The My registries tab now includes the Connected Registry table so that once you have added a connector, you can easily access all of your images from one place.

Improved performance

We have made some performance enhancements to our front end to decrease page load time, so that you can access our content quickly.

May 12, 2023: Slim Portal

Updated navigation

Our new, scalable navigation makes it easy to find what you need throughout the Slim Platform.

Collections deprecation

We have deprecated our current Collections feature as part of a larger effort to more effectively surface the images you care about. Stay tuned for more updates.

April 6, 2023: Slim Portal

Improved onboarding

We’ve updated our homepage to improve the onboarding experience. Now, you can connect your registry, scan images using Trivy and Grype, and begin the hardening process directly from our homepage launch pad.

Grype Scan Results

We’ve updated our method for pulling CVEs from the Grype database to ensure that we provide users with the most accurate CVE dataset (previously we pulled the largest CVE dataset from Grype). This will align Grype results on the Slim Platform with stand alone Grype results.

Downloadable Hardening Artifacts

With this release, you can now view, download, and select the hardening artifacts collected during the instrumentation phase of hardening.

March 31, 2023: Slim CLI: Version 0.0.13

  • ARM support for hardening images; use the --platform flag to set the correct platform for the instrumented and hardened images.
  • Generate vulnerability scans directly from the CLI using new vscan commands.
  • Hardening ease-of-use commands including the ability to list all hardening attempts for an image, list all runs for a hardening attempt, and download hardening artifacts.

March 24, 2023: Slim Portal

Enhanced Vulnerability Scanning and SBOMs for Slim Hardened Images

We’ve made it much easier to verify vulnerability reduction as a result of Slim's automated container hardening process. You can now run Trivy, Grype, Snyk, Prisma Cloud (Twistlock), or any 3rd-party scanner on your hardened images produced via Slim platform. You can also generate SBOMs using 3rd-party tools for these images with complete and accurate Package information.

Automatically generate CycloneDX SBOMs

Slim automatically generates an SBOM every time it scans or hardens one of your images. You can download the SBOM directly from the Packages tab for the scanned image. We currently provide SBOMs in the CycloneDX format, but other formats (including SPDX) are coming soon.

Support for ARM images

Attention Mac M-chip users! We now support profiling, instrumenting, and hardening for ARM-based containers. You will now be able to see ARM images in any Connected Registry and be able to harden them via the Portal or CLI. Note: This feature does not yet include cross-architecture (i.e., ARM to AMD) capabilities. Stay tuned for updates on multi-architecture improvements.

document.addEventListener('DOMContentLoaded', function() { const richTextFields = document.querySelectorAll('.uui-text-rich-text'); richTextFields.forEach(field => { let htmlContent = field.innerHTML; const regexPattern = /@@(.*?)@@/gs; let formattedHtml = htmlContent.replace(regexPattern, '
$1
'); field.innerHTML = formattedHtml; }); });