I used the GitHub search to find a similar question and didn't find it.
I searched in the documentation/README.
I already searched in Google "How to do X" and didn't find any information.
I already read and followed all the tutorial in the docs/README and didn't find an answer.
Commit to Help
I commit to help with one of those options 👆
Example Code
Please see the commit referenced below.
Description
Problem: The frontend and backend images work fine for basic proofs of concept, but could benefit from a more secure baseline. This would help downstream users deploy the resulting images into a production setting with a lower barrier to entry. There's a free option from the company Chainguard which is gaining popularity across Linux container projects.
With some minor modifications to the frontend and backend images' Dockerfiles, such as those in this commit, users can benefit from Chainguard's free Python and Node images which are built with security in mind. Their free open source images are continuously updated (daily) to mitigate security vulnerability findings, and would be
Additionally, the compose and Dockerfile files in the mentioned commit were modified to allow for users using Linux security context labels (i.e. SELinux w/ Podman Desktop) to build/mount files. I haven't tried this with Docker yet, but it should be a seamless change. Below I've shown scan results after building/running the resulting images successfully and scanning them with Anchore's Grype tool.
Backend image scan results^. The top half are the results after scanning the backend (arm64) image as-is from the project's master branch while the bottom half shows the image, based on Chainguard, using modifications in the commit above.
Frontend image scan results^. The top half are the results after scanning the backend (arm64) image as-is from the project's master branch while the bottom half shows the image, based on Chainguard, using modifications in the commit above. Note, this uses both the Node and Nginx images, just as the original Dockerfile does, where the resulting image is actually the Chainguard Nginx image.
Below are the respective sizes for all 4 images as well; note how the Chainguard versions are considerably smaller.
There still needs to be a bit of work done to assess/validate functionality, particularly for cross platform (x86_64/amd64 and arm64) images, but I was able to at least build and run the docker compose stack successfully and verified some basic functionality.
Operating System
macOS
Operating System Details
macOS
M1 MacBook 14"
Python Version
3.12
Additional Context
I'm using Podman Desktop which causes a few issues, particularly with regard to applications requiring access to the Docker socket (i.e. Traefik).
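One way to make the before/after comparison described in the post repeatable from Grype's JSON output (`grype <image> -o json`), as an added example that is not part of the original post or the project's code. The two embedded reports are constructed sample data with placeholder IDs, and the function names are hypothetical.

```python
import json
from collections import Counter

# Grype's severity labels, most severe first.
SEVERITIES = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

def findings(report):
    """Map (vulnerability id, package name) -> severity, de-duplicating matches."""
    out = {}
    for m in report.get("matches", []):
        vuln, art = m.get("vulnerability", {}), m.get("artifact", {})
        sev = vuln.get("severity")
        out[(vuln.get("id", "?"), art.get("name", "?"))] = sev if sev in SEVERITIES else "Unknown"
    return out

def severity_counts(found):
    counts = Counter(found.values())
    return {s: counts[s] for s in SEVERITIES}

def compare(before, after):
    """Summarise what a base-image swap removed and what it newly introduced."""
    b, a = findings(before), findings(after)
    return {"before": severity_counts(b), "after": severity_counts(a),
            "removed": sorted(b.keys() - a.keys()),
            "introduced": sorted(a.keys() - b.keys())}

def exceeds(report, threshold="High"):
    """True if any finding is at or above the threshold (usable as a CI gate)."""
    limit = SEVERITIES.index(threshold)
    return any(SEVERITIES.index(s) <= limit for s in findings(report).values())

def match(vid, sev, pkg):
    return {"vulnerability": {"id": vid, "severity": sev}, "artifact": {"name": pkg}}

# Constructed sample reports (placeholder IDs), shaped like `grype -o json` output.
BEFORE = {"matches": [match("CVE-0000-0001", "Critical", "openssl"),
                      match("CVE-0000-0002", "High", "zlib"),
                      match("CVE-0000-0003", "Medium", "pip"),
                      match("CVE-0000-0003", "Medium", "pip")]}  # duplicate match
AFTER = {"matches": [match("CVE-0000-0003", "Medium", "pip"),
                     match("CVE-0000-0004", "Low", "busybox")]}

if __name__ == "__main__":
    # With real scans: BEFORE = json.load(open("before.json")), and likewise AFTER.
    print(json.dumps(compare(BEFORE, AFTER), indent=2))
    print("after image fails a High gate:", exceeds(AFTER))
```

The `introduced` list matters as much as `removed`: a new base image can bring packages, and findings, that the old one never had.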