Wednesday 15:10
in Titanium3
Introduction
- We start with an example Dockerfile for a Python-based image.
- We will explore the role of OverlayFS, Docker’s file system for combining layers, to understand how layers stack and how data (or even secrets) can be retrieved from individual layers.
Layer Analysis
- To gain better understanding of layering, we use simple command-line tools like
docker historyanddocker inspectto examine image layers. - We introduce
dive, a tool for exploring the contents of each layer. - We apply these insights to optimize the image by implementing multi-stage builds to create a smaller image with fewer layers, improving storage efficiency, build speed, and security.
- We discuss the benefits of Docker’s caching mechanism in reducing build times.
- To gain better understanding of layering, we use simple command-line tools like
Security Enhancements
- Given our example image, we will use
trivy, a comprehensive security scanner, to scan the example image for vulnerabilities and demonstrate how to address common issues. - Finally, we introduce
syftfor generating SBOMs (Software Bill of Materials) to catalog packages, libraries, and dependencies within the image.
- Given our example image, we will use
To get the most out of this session, participants are encouraged to clone the session's repository and build the example Docker image beforehand. Doing so will enable you to follow the demo interactively and experiment with the tools and methods presented during the session.
