DevSecOps provider Slim.ai announced on January 26 that it had raised $31 million in a Series A funding round to advance its vision of enabling automated enterprise security workflows. containers.
An application container contains multiple layers of code that can come from multiple sources. Among the popular ways to optimize containers is open-source DockerSlim project, which helps developers “shrink” Docker containers and optimize deployment. DockerSlim is a community open source project; however, its founders realized there was a need for more functionality in a platform model to support organizations that want to automate container security workflows, which is Slim.ai’s goal. .
“Slim.ai’s mission is to help developers become more productive in building secure, production-ready software,” said John Amaral, co-founder and CEO of Slim.ai. ITPro today. “Today it revolves around the idea that the unit of software for the cloud-native world is a container.”
From DockerSlim to Slim.ai for automated container DevSecOps
With the seed capital it received in late 2019, Slim.ai began building a software-as-a-service (SaaS) platform for DockerSlim in early 2020.
Although DockerSlim can help developers compose container software, in an enterprise DevSecOps (development, security, and operations) workflow, there are additional issues and integrations that need to be addressed.
Amaral explained that Slim.ai extends the value of DockerSlim and provides integrations into the CI/CD system, enabling security analysis and software composition. Additionally, the Slim.ai platform can help developers identify container content from different container registries.
Slim.ai also allows developers to analyze differences between containers over time. Thus, a developer can find out if a specific code library has been modified in a container hosted on a specific registry and how it may differ from the same container on another container registry. Container registries, such as Docker Hub and Google Container Registry, provide a hosted repository for application container images.
Automatic optimization workflow for DevSecOps in Slim.ai
The DockerSlim workflow is now extended for DevSecOps in Slim.ai to enable automatic optimization, according to Amaral. With Slim.ai, after a developer chooses a base image for a container, the platform can optimize the image for deployment and operations, he said.
As organizations use containers more, there is potential for proliferation, with multiple container versions running in different environments. To this end, Slim.ai has a container collection management feature that allows developers to track containers wherever they are deployed.
For example, Amaral said a developer could have a container where the base image comes from Docker Hub and a database instance container comes from AWS. Slim.ai will maintain records for these containers in its system, monitor and manipulate them wherever they are deployed.
“Developers don’t really need to manually track container locations anymore,” Amaral said. “With Slim.ai, they’re all registered in one place, and it’s kind of run like a federated registry.”
Amaral said Slim.ai will continue to develop its platform with features that help further enable an automated DevSecOps workflow.
“We want to create tools for developers so that when they use or produce containers, they can do things easily and optimally, and so that the supply chain risks for these containers are reduced,” said Amaral said. “It’s not just about reducing vulnerabilities; it’s about knowing what your software is made of and having an easy way to control it.”