docker-slimmer

module
v0.0.0-...-0cc74a4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 22, 2026 License: MIT

README

Docker-Slimmer: Production-Grade Image Optimizer

CI Go Report Card Go Version Docker

Docker-Slimmer is an automated tool designed to transform legacy, bloated Dockerfiles into highly-efficient, secure, and lightweight multi-stage builds. It helps DevOps engineers modernize inherited container images by applying industry best practices such as Distroless base images and aggressive cache cleaning.

Key Features

  • Multi-Stage Build Automation: Automatically splits your build process into build-time and runtime stages.
  • Distroless Runtime Support: Uses Google's Distroless static images for minimal attack surface and smallest possible footprint.
  • Automated Cache Cleaning: Integrated support for apt and apk package managers to remove temporary build files.
  • Security-First Approach: Runs as nobody user by default and removes unnecessary shell binaries.
  • Artifact Isolation: Only copies required binaries and configuration files to the final image.

Why Use Docker-Slimmer?

Legacy Docker images often carry 500MB+ of overhead (compilers, build tools, package caches). Docker-Slimmer can reduce image size by up to 90% while significantly improving security by removing shell access and common vulnerabilities (CVEs) found in base OS distributions.

Getting Started

Prerequisites
  • Go 1.22+ (to build the tool)
  • Docker (to build the optimized images)
Installation
git clone https://github.com/niksecops-crypto/docker-slimmer.git
cd docker-slimmer
go build -o slimmer ./cmd/slimmer
Usage

Optimize a legacy Go-based Dockerfile by extracting a binary to a Distroless runtime:

./slimmer --base golang:1.22-alpine --artifacts /app/main --output Dockerfile.optimized

Production Best Practices

  • Scan Before & After: Use tools like trivy or grype to verify the reduction in vulnerabilities.
  • Test Entrypoints: Ensure all runtime dependencies are explicitly copied to the final stage.
  • Distroless for Security: Prefer gcr.io/distroless/static for statically linked binaries (Go, Rust).

License

Distributed under the MIT License. See LICENSE for more information.

Maintained by niksecops-crypto

Directories

Path Synopsis
cmd
slimmer command
pkg
optimizer

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.