Getting Started

Want to get a handle on the vulnerabilities in your containers?

The Slim Developer Platform lets you harden containers in a straightforward way, removing vulnerabilities and reducing attack surface to create a more secure production environment.

To get started, simply create a free account, and then connect a registry, discover vulnerabilities, and harden your containers — automatically, every build.

Slim works on any base image, language ecosystem, or package manager and can be plugged in to CI/CD or even run in Kubernetes.

Let's get started!

Create an Account

To create an account, navigate to the Slim Developer Platform. You can sign-in using GitHub, GitLab, Google, or Bitbucket.

Once you’re logged in, you’ll see the home page with a quickstart guide to connect your container registries with authenticated credentials, discover vulnerabilities in your containers with multiple scanning engines, and harden your first container.

Slim Home Page

Connect Your First Registry

While Slim lets you search across multiple public registries including Docker Hub, AWS ECR, and RedHat Quay, the true power of the platform comes when you work on your own container images.

To do so, use the "Launch Pad" on the homepage to create your first Connector, or choose to "Connectors" link from the top navigation.

Connectors allow you to access your own images through authenticated connections to whichever container registry you currently use (Docker Hub, AWS, Google, Azure, Red Hat, and more).

Read more about Connectors.

Connectors Screenshot

Discover Vulnerabilities

Once you've connected a registry, it's time to analyze your own images and assess their vulnerability profiles and attack surface. You'll find a list of your containers in the Launch Pad under "Discover Vulnerabilities" as well as in the "Connected Registries" tab lower on the page.

You can navigate to any Container Profile page to get information about your container construction.

The Vulnerabilities tab lists results from two popular open-source scanners (Trivy and Grype), and displays information about the vulnerability count, severity, and package origin.

Read more about Multi-Engine Vulnerability Scanning

Vulnerability Report screenshot

Harden your container

Now that you know how many vulnerabilities are in your container, it's time to get rid of them — with Automated Container Hardening.

From the Launch Pad or Container Profile page, click the Harden button. You'll enter a series of questions to configure your hardening profile, run observations on the container, and create a functionally equivalent container with fewer vulnerabilities and reduced attack surface.

Read more about Automated Container Hardening.

Hardening Screenshot

Next Steps

With Slim.AI you can also:

  • Download our CLI tool for local development and scripting in CI/CD.
  • Get insights into your container’s construction and security profile. Continue to Container Profiles to learn more.
  • Compare container image versions. We break this all down for you in Container Diff.

To get a breakdown of what "container slimming" is all about, head to Container Slimming 101.

And if you want to try a generic example using NGINX, follow our guide.

Interested in using Slim for your team? Inquire here.