There are a number of web/SaaS based vulnerability scanners out there actually :) Snyk's SaaS does it, for example. Free to sign up, free to use. My company's SaaS also provides container scanning with Grype and Trivy. There was another free web-based tool I found a while ago too (forgot the name... will look for it).
You are oversimplifying it picking comp as a single/only dimension. There's so much more to being in a startup. That's ok. For some people maximizing current comp is the most important thing. Others have a more long term game where working at a startup with lower comp opens up new opportunities later on (even if the startup equity doesn't work out). For other people it's about feeling alive... What's the point of higher comp at a big company if you hate your life (or, in a less extreme case, where you just don't feel fulfilled or satisfied)...
Slim.AI | CTO Innovation Office R&D Engineer | Full-time | Remote or WA State
I'm the CTO/founder. I also created SlimToolkit (aka DockerSlim), which recently became a CNCF Sandbox project. If you have a background and passion for container internals, cloud native technology and security this might be an interesting role for you. I'm looking for an engineer (the exact title depends on your background/experience) to join the CTO Innovation Office team to work on advanced research projects and experiments. There'll be AI related experiments too :-)
If you think it's a good match for you and you want to learn more email me: cto@slim.ai
Kyle is good people, I've worked with him before and I'd be pleased to work with him again some time. Unfortunately although I use Docker I'm a cloud skeptic. ;-)
Wonder if anybody is really using buildpacks... The stats i've seen recently show that it doesn't have much adoption and I'm very curious why it's not adopted more.
The post also doesn't mention SlimToolkit (aka DockerSlim), which is now a CNCF Sandbox project. It represents another major way to create minimal container images.
buikdpacks is actually used by Google cloud to build container images from your app source code.
i used dockerslim in the past and i was impressed. i didn't add to the article since i wasn't aware it became a CNCF protect. I wasn't sure who was using it.
Slim.AI | Sr Backend Engineers | REMOTE or Seattle/Bellevue/WA | Full-time | Golang, AWS, Containers
I'm the founder and CTO at Slim.AI. I created DockerSlim as a hackathon project and it turned into a journey to help devs building containerized cloud-native apps. We are still early stage, but we are fortunate enough to have 40M+ to support our mission.
Our engineering team is the innovation engine for our product because we are building a solution to solve our own problems creating and running containerized cloud-native applications.
We don't do Leetcode or the usual trivia-based puzzles and whiteboarding interviews. We customize the interview process based on the candidates and their background to make sure we get to learn as much possible and to see how working together can be mutually beneficial.
Our Engineering Principles:
* We use what we build.
* We share a common cloud-native mindset and a platform thinking DNA.
* We create stage appropriate designs that can evolve and that can be thrown away when necessary.
* We optimize for evolvable architecture building an extensible and composable system with disposable components using an API first approach.
* We optimize our designs for people first and machines second.
* We care about the entire system we are building considering the needs of our teammates and the impact of the design decisions we make.
* We learn together.
* We share knowledge and give back to the tech community.
* We have a written down and transparent culture that enables our remote first asynchronous approach to engineering.
* We have a lightweight engineering process based on trust, self-alignment and visibility.
Email me at cto@slim.ai if you'd like to learn more.
One word... libc :-) There's tons of info on the internet about the gotchas in Alpine. Even fly.io gave up on using/supporting Alpine based container images and they are probably one of the most competent and capable engineering teams out there.
Honestly I didn't know that. I have only used alpine based images for some pure python webservers and was fairly happy with the size and no bugs so far. So what is the go to distro for base image for containers these days? Ubuntu-minimal?
And yeah libc was a pain for us even for AppImages. You'd think that something as fundamental as C library would be standardized on Unixes...
Alpine's libc is intentionally non-standard* and Alpine (at least, some of their members) explicitly state that Alpine is not GNU Linux while most other distros people use are :)
distroless is picking up a lot of interest especially with its recent uptick in its adoption in the kubernetes community.
Seems like today is the day of misconceptions for docker-slim on HackerNews :-) Happy to answer any questions. AMA
One thing I'd like to mention right away is that docker-slim doesn't do function level code elimination and that simplifies what it needs to do in a significant way.
There's always a trade off. You are willing to do more low level work "manually" assembling container images your way with apko. You are also willing to accept Alpine randomly exploding in your face :) Different people have different preferences in terms of what risks they will take. For example, I wouldn't use Alpine even if somebody paid me money to use it :) That's because Alpine is not a standard Linux distro and you need to be able to "own" it with all of it's gotchas and incompatibilities. Not everybody is capable of doing that. I know I'm not that good :-) In other cases people can't change their base images.
There are a number of web/SaaS based vulnerability scanners out there actually :) Snyk's SaaS does it, for example. Free to sign up, free to use. My company's SaaS also provides container scanning with Grype and Trivy. There was another free web-based tool I found a while ago too (forgot the name... will look for it).