DevSecOps vendor Slim.ai announced on Jan. 26 that it has raised $31 million in a Series A round of funding to advance its vision of enabling automated container security workflows.
An application container contains multiple layers of code that can come from any number of sources. Among the popular ways to optimize containers is the open-source DockerSlim project, which helps developers “slim down” Docker containers and optimize deployment. DockerSlim is a community open-source project; however, its founders realized that there was a need for more capabilities in a platform model to support organizations that want to automate container security workflows, which is the goal of Slim.ai.
"The Slim.ai mission is to help developers become more productive at building secure, ready-for-production software," John Amaral, co-founder and CEO of Slim.ai, told ITPro Today. "Today that revolves around the idea that the unit of software for the cloud-native world is a container."
From DockerSlim to Slim.ai for Automated Container DevSecOps
With seed money it received at the end of 2019, Slim.ai began building a software-as-a-service (SaaS) platform for DockerSlim at the beginning of 2020.
While DockerSlim can help developers with container software composition, in an enterprise DevSecOps (development, security, and operations) workflow, there are additional concerns and integrations that need to be addressed.
Amaral explained that Slim.ai extends the value of DockerSlim and provides integrations in an organization's CI/CD system, enabling security analysis and software composition. Additionally, the Slim.ai platform can help developers identify what's in containers taken from different container registries.
Slim.ai also enables developers to analyze differences across containers over time. As such, a developer can discover if a specific code library was changed in a container hosted on a specific registry and how it might differ from the same container on a different container registry. Container registries, such as Docker Hub and Google Container Registry, provide a hosted repository for application container images.
Automatic Optimization Workflow for DevSecOps in Slim.ai
The DockerSlim workflow is now being expanded for DevSecOps in Slim.ai to help enable automatic optimization, according to Amaral. With Slim.ai, after a developer chooses a base image for a container, the platform can optimize the image for deployment and operations, he said.
As organizations use containers more, there is the potential for sprawl, with multiple container versions running in different environments. To that end, Slim.ai has a container collections management feature that allows developers to keep track of containers, wherever they are deployed.
For example, Amaral said a developer could have a container where the base image comes from Docker Hub and a database instance container that comes from AWS. Slim.ai will hold records for those containers in its system, and monitor and manipulate them regardless of where they are deployed.
"Developers don't really have to manually keep track of where containers live anymore," Amaral said. "With Slim.ai, they are all recorded in one place, and it's sort of managed like a federated registry."
Amaral said Slim.ai will continue to build out its platform with features that help further enable an automated DevSecOps workflow.
"We want to make tools for developers so that when they are using or producing containers, that they can do things easily and optimally, and so that the supply chain risks for those containers are reduced," Amaral said. "It's not just about vulnerability reduction; it's about knowing the composition of your software and having an easy way to control it."