With software supply chain security becoming a top-of-mind concept when developing and running software, container analysis, management and optimization have become crucial.

By enabling developers to know everything about their software, ship to production, and remove as many vulnerabilities as possible, Slim.AI Inc. offers a pre-optimized capability through container slimming, according to John Amaral (pictured), co-founder and chief executive officer of Slim.AI.

“So Slim.AI has built a bunch of capabilities and tools that allow software developers at their desks to better understand and build secure containers that really reduce software supply,” Amaral stated. “Slimming reduces supply chain risk by lowering the attack surface in your container. It also trims your supply chain to only the minimum pieces you need, which really causes a lot of improvements in the operational overhead of having software supply chain security.” 

Amaral spoke with theCUBE industry analyst John Furrier during the DockerCon event, an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how Slim.AI enhances software supply chain security through container slimming and its partnership with Docker. (* Disclosure below.)

The beauty of containers

Since containers have numerous producers and consumers, users are becoming more concerned about minimizing software supply chain risk, according to Amaral.

“The beautiful part about containers is they’re portable; it’s an easily transferable piece of software,” he said. “Consumers of containers that care about supply chain risk are now starting to push back to producers saying, ‘Take those vulnerabilities out.’”

With tens of thousands of developers and 500,000-plus downloads, Slim.AI boosts software supply chain security by enabling developers to understand the risk surface, according to Amaral.

“So we help developers do three important things: know everything about the software in their containers, only ship stuff to production that you need, and remove numerous vulnerabilities,” he stated.

Since Docker is the sandbox for all local work needed to build containers, Amaral believes their partnership enables developers to optimize outputs.

“Docker is a ubiquitous platform. Their hub has millions and millions of containers,” he pointed out. “We’ve got millions and millions of developers using Docker Desktop to actually build and work on containers.” 

The launch of the Docker Extension program will make container analysis easy, according to Amaral.

“We are one of the lucky ones, because we’ve been selected to build one of the early Docker desktop plug-ins,” he explained. “It’s derived from our SaaS platform, capabilities and open source. It’s effectively an MRI machine, an awesome analytic tool that allows any developer to really understand the composition, security and profile of any container they work with.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the DockerCon event.

(* TheCUBE is a paid media partner for DockerCon. Neither Docker, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE