Slim Command Line Interface (CLI)

In addition to the Slim Platform for connecting registries, scanning images for vulnerabilities, and slimming containers, we have the Slim CLI, which lets you handle all of these processes right from your terminal or in any environment you choose. These are scripts meant to be seamlessly integrated into your CI/CD pipeline. Take a look at how we harden a Node.js application from the CLI using GitHub Actions.

Below, we give an overview of useful CLI commands for interfacing with Slim.

Install the Slim CLI

For installation:

curl | sh

Generate and save a CLI config file

slim config gen --save --token <MY_TOKEN>

You can also find the installation instructions on the Slim Developer Platform.

Upon installation, you’ll see output in your terminal that looks like this.

[Screenshot: Slim CLI welcome output]

If so, you’ve successfully installed the Slim CLI and you’re ready to start scanning, instrumenting, and hardening your images!

Core Commands

Our commands are carefully crafted with Linux and Docker-based syntax in mind to enable you to learn and work effectively with Slim from the command line.

slim instrument

slim harden

slim connectors

slim help

slim instrument

Adds the Slim Sensor to your container so it can act as an intelligence agent, collecting data during the observation step of the hardening process.

slim instrument <IMAGE_NAME_WITH_TAG> - produce a container image instrumented with runtime analysis tools, known as Slim sensors

slim harden

Produces a hardened container image from the instrumented container using runtime analysis reports.

slim harden --instrumented-image <YOUR_ORG/YOUR_IMAGE:TAG> - the instrumented image used to produce the runtime analysis reports

slim harden --instrumented-image-connector <YOUR_ORG/YOUR_IMAGE:TAG> - explicitly select a collector to use for image manipulations

slim harden --include-path <FILE_PATH> - explicitly specify file path to be included in the hardened container

slim harden --instrumented-image <YOUR_ORG/YOUR_IMAGE:TAG> --pull - pull the hardened image into the local Docker daemon (default: false)

slim connectors

This command gives access to connector management commands listed below.

slim connectors type - list the available connector types

slim connectors ls - list the connectors you currently have set up

slim connectors describe - retrieves details for a specific connector

describe command options:

--connector-id <ID> - target a specific connector with this required flag

--verbose - show more data (default: false)

--help - shows a list of commands or help for one command

slim connectors help - shows a list of commands or help for one specific connector command

slim help

This command gives you an overview of the main commands you can utilize to scan, instrument and harden container images.

Slim CLI examples of usage

Here are some practical examples of how you can leverage our CLI in real time to optimize your containers.

Instrumenting a container image that’s connected to a registry

After scanning your image, the next natural step is for Slim to generate an instrumented version of your container, which includes sensors that observe the contents of your packages, files, binaries, etc. that are used during runtime and testing processes.

Target the image of your choice, as in this example, to generate that instrumented container.

slim instrument \
  --include-path /service \
  --stop-grace-period 30s \
  <IMAGE_NAME_WITH_TAG>

slim instrument --help returns a list of available command options for instrumenting a container.

--include-path - explicitly include one or more file paths in the hardened image

--stop-grace-period - override the instrumented container's stop graceful timeout (default: 5s)
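
An added example (not from Slim's documentation or code): a POSIX shell pre-flight check a CI job could run before the `slim instrument` call shown above. The function names, the include-path policy, the seconds-only grace period format, and the placement of the image after the flags are assumptions.

```sh
#!/bin/sh
# Added example, not Slim's code: pre-flight checks before `slim instrument`.

# True when the reference has an explicit tag (the page's IMAGE_NAME_WITH_TAG).
# Only the final path component is inspected, so the port in
# "localhost:5000/app" is not mistaken for a tag.
has_explicit_tag() {
  case $1 in *[!A-Za-z0-9_./:@-]*) return 1 ;; esac  # plain characters only
  ref=${1%%@*}      # drop a trailing @sha256:... digest, if any
  last=${ref##*/}   # final path component, e.g. "app:1.4.2"
  case $last in
    *:*) tag=${last#*:} ;;
    *)   return 1 ;;
  esac
  case $tag in
    ''|[.-]*|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Assumed local policy: include paths are absolute, contain no ".."
# component and only plain characters, and are never "/" itself, which
# would keep the whole filesystem in the hardened image.
safe_include_path() {
  case $1 in
    ''|/)               return 1 ;;
    *[!A-Za-z0-9_./-]*) return 1 ;;
    */../*|*/..)        return 1 ;;
    /*)                 return 0 ;;
    *)                  return 1 ;;
  esac
}

# Print the `slim instrument` command line, or fail with a reason on stderr.
# Arguments: image, include path, stop grace period in whole seconds ("30s").
build_instrument_cmd() {
  has_explicit_tag "$1" || { echo "untagged image: $1" >&2; return 1; }
  safe_include_path "$2" || { echo "rejected include path: $2" >&2; return 1; }
  case $3 in
    ''|s|*[!s]|*[!0-9]*s) echo "bad grace period: $3" >&2; return 1 ;;
  esac
  echo "slim instrument --include-path $2 --stop-grace-period $3 $1"
}

# With three arguments, print the command; run it only when SLIM_RUN=1.
if [ "$#" -eq 3 ]; then
  cmd=$(build_instrument_cmd "$@") || exit 1
  echo "+ $cmd"
  if [ "${SLIM_RUN:-0}" = 1 ]; then exec $cmd; fi
fi
```

Because every argument is restricted to a plain character set before the command string is built, the unquoted `exec $cmd` cannot be split or glob-expanded by a crafted image name or path.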

Hardening an instrumented container image

After generating an instrumented version of a container image, you can harden the container by targeting the instrumentation attempt ID you received in the output.

slim harden --id <instrumentation attempt ID>

This command is what allows you to harden a container image as one of the steps to deploy more secure, more lightweight code to production.

A full rundown of the automated hardening process can be found in our docs here.

We’re always updating our CLI and documentation. Continue to check back for the latest information on newly released features and how to start using them!

Feel free to join our Discord; we always welcome questions and feedback!