Wolfi: a Community Linux OS Designed for the Container and Cloud-Native Era: https://github.com/wolfi-dev
#linux #update #foss #release #distro #distroless #wolfi #cloud #container

Anyways, the last part of today's research dive was more #Docker.

The most interesting discovery was #distroless images. I was familiar with #Alpine #Linux, but I hadn't really stumbled across distroless yet. Specifically I noticed that #Envoy shipped a distroless image, but neglected to really explain it short of "it's faster and better".

Google's distroless project is limited to standalone application runners (Node, Java), but #ChainGuard has their #Wolfi images that cover more bases. 👍

Before you comment, yes, there are other (and better) solutions for this. I know. 😁

I wrote a quick #go utility to do a simple HEAD check on a given url. Usefull to do healthchecks in #distroless #containers for examples.

Made it available as #opensource, 'cause why not. See https://vanderkleijn.net/posts/healthchecker/ or https://github.com/mvdkleijn/healthchecker if you're curious.

🚨The security blog by #Google
is true gold!

🚀🥳It really helped me to learn more about software supply chain security things including #deps.dev, #go, #SLSA, #SBOM, #scorecard, #distroless, and many more!

🧑🏻‍💻I highly recommend you take a look at this blog!

https://security.googleblog.com/2023/04/celebrating-slsa-v10-securing-software.html

Referenced link: https://hackernoon.com/mastering-distroless-a-guide-to-building-secure-and-efficient-docker-images
Discuss on https://discu.eu/q/https://hackernoon.com/mastering-distroless-a-guide-to-building-secure-and-efficient-docker-images

Originally posted by HackerNoon | Learn Any Technology / @hackernoon: http://nitter.platypush.tech/hackernoon/status/1649035236599103488#m

Learn how to choose the smallest base image size and how to use Distroless to create secure, minimal Docker images for your applications. - https://hackernoon.com/mastering-distroless-a-guide-to-building-secure-and-efficient-docker-images #distroless #devops

Fearless #Distroless https://blog.frankel.ch/fearless-distroless/

#containers #debug #devops #kubernetes

It all started with a commit: Celebrating 6 years of #Distroless https://www.chainguard.dev/unchained/celebrating-6-years-of-distroless

Current status: trying #bun (#javascript runtime) because it has HTMLRewriter 😂
https://bun.sh/docs/api/html-rewriter

Unfortunately they don't have *musl* build so it's quite a hassle to get it work on #alpinelinux and #distroless 🙁

Killer #Go app of 2023: reimplementing that little bash script you had as a static binary so that you can remove shell dependencies from your containers and switch to #distroless.

How to use and build your own #Distroless images?
Read @sselzer new blog post to find out some answers.

https://www.innoq.com/en/blog/how-to-use-and-build-your-own-distroless-images/

Journey to #rust, episode 62534: "Deploy a distroless image on Jelastic"

I've got my POC web server, a simple enough #axum app that... compile. At last.

Then I've managed to dockerize it, but I like to live dangerously and I've been using #podman. So far so good. Learning a lot.

Then enabled Jelastic on Infomaniak https://www.infomaniak.com/en/hosting/dedicated-and-cloud-servers/jelastic-cloud?utm_term=617a889a54450

First problem: "OCI manifest found, but Accept header does not support OCI manifests"
Apparently GitHub does not support serving OCI images from ghcr, I've used another format with podman push -f v2s2 .... This works, done.

Second problem: "The [ jem docker setup ] operation has failed: Container return error message: bash: line 1: touch: command not found"
I suspect #Jelastic does not support #distroless images... I guess I'll have to use one of their "supported" base image, which will be:

• much larger (20 MB vs 300 MB)
• less secure

“Distroless” does not immediately mean 100% secure.

Exploiting Distroless Images »
https://www.form3.tech/engineering/content/exploiting-distroless-images

#articles #security #distroless #ContainerSecurity

“Distroless” does not immediately mean 100% secure.

Exploiting Distroless Images »
https://www.form3.tech/engineering/content/exploiting-distroless-images

#articles #security #distroless #ContainerSecurity

Distroless: 🥑 Language focused docker images, minus the operating system.

https://github.com/GoogleContainerTools/distroless

#security #containers #distroless #tools #infra #DevEx

The Need For Slimmer Containers

https://iximiuz.com/en/posts/thick-container-vulnerabilities/

#distroless
#unikernel
#slimdevops

Yesterday I created a distroless #Docker image for the project PREvant. #Rust and #distroless work seamlessly together. Check it out: https://github.com/aixigo/PREvant/pull/53