Slim Command Line Interface (CLI)
Not only do we have the Slim Platform for connecting registries, scanning images for vulnerabilities, and slimming containers, we have the Slim CLI to enable you to handle all of these processes right from your terminal or in any environment you choose. These are scripts meant to be seamlessly integrated into your CI/CD pipeline. Take a look at how we harden a Node.js application from the CLI using Github Actions.
Below, we give an overview of useful CLI commands for interfacing with Slim.
Install the Slim CLI
curl https://platform.slim.dev/.service/releases/slim/latest | sh
Generate and save a CLI config file
slim config gen --save --token <MY_TOKEN>
You can also find the installation instructions on the Slim Developer Platform.
Upon installation, you’ll see an output in your terminal that looks like this.
If so, you’ve successfully install the Slim CLI and you’re ready to start scanning, instrumenting, and hardening your images!
Our commands are carefully crafted with Linux and Docker-based syntax in mind to enable you to learn and work effectively with Slim from the command line.
Adding the Slim Sensor to your container so it can act as an intelligence agent to collect data during the observation step in the hardening process.
slim instrument <IMAGE_NAME_WITH_TAG> produce a container image instrumented with runtime analysis tools, known as Slim sensors
Produce a hardened container image from the instrumented container using runtime analysis reports
slim harden --instrumented-image <YOUR_ORG/YOUR_IMAGE:TAG> - the instrumented image used to produce the runtime analysis reports
slim harden --instrumented-image-connector <YOUR_ORG/YOUR_IMAGE:TAG> - explicitly select a collector to use for image manipulations
slim harden --include-path <FILE_PATH> - explicitly specify file path to be included in the hardened container
slim harden --instrumented-image <YOUR_ORG/YOUR_IMAGE:TAG> --pull - pull the hardened image into the local Docker daemon (default: false)
This command gives access to connector management commands listed below.
slim connectors type - list the available connector types
slim connectors ls - list the connectors you currently have set up
slim connectors describe - retrieves details for a specific connector
describe command options:
--connector-id <ID> - target a specific connector with this required flag
--verbose - show more data (default: false)
--help - shows a list of commands or help for one command
slim connectors help - shows a list of commands or help for one specific
This command gives you an overview of the main commands you can utilize to scan, instrument and harden container images.
Slim CLI examples of usage
Here are some practical examples of how you can leverage our CLI in real time to optimize your containers.
Instrumenting a container image that’s connected to a registry
After scanning your image, the next natural step is for Slim to generate an instrumented version of your container, which will include sensors that will observe the contents of your packages, files, binaries, etc. that are being utilized through runtime and testing processes.
Target the image of your choice, like in this example, to generate that instrumented container.
slim instrument \ --include-path /service \ --stop-grace-period 30s \ ghcr.io/slim-ai/saas-examples-harden-simple-app:latest
slim instrument --help returns a list of available command options for instrumenting a container.
--include-path - explicitly include one or more file paths in the hardened image
--stop-grace-period - override the instrumented container's stop graceful timeout (default: 5s)
Hardening an instrumented container image
After generating an instrumented version of a container image, you can harden the container by target the instrumentation attempt ID you will have received from the output.
slim harden --id <instrumentation attempt ID>
This command is what allows you to harden a container image as one of the steps to deploy more secure, more lightweight code to production.
A full rundown of the automated hardening process can be found in our our docs here.
We’re always updating our CLI and documentation. Continue to check back for latest information on newly released features and how to start using them!
Feel free to join our Discord and we are always welcome to any questions and/or feedback!