Where communities thrive

  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
    Kyle Quest
    There are other —continue-after options you can use to decide when the analysis phase is done. enter tells docker-slim to wait for external console input. That way you can manually signal the end of the analysis phase.
    The signal --continue-after option lets you use unix signals to let docker-slim know when the analysis phase should be done.
    The timeout —continue-after option gives you have a time-based approach to dedice when the analysis phase is done. You can specify a number to —continue-after to choose how many seconds you want to wait before the analysis phase is done.
    Kyle Quest
    The exec —continue-after option lets you indicate that you want the analysis phase to be done once the shell commands passed through the —exec or —exec-file params are done executing in the temporary container.
    Note that you can combine the exec and probe options (e.g., --continue-after probe&exec). With these stacked options the analysis phase will be done once the exec commands are done executing and the probing phase is done.
    @kcq Thanks a lot for the detailed answer! In fact I noticed that in an other case the analysis asked me to press enter, but for some reason it did not do that in this case. I'm also updating my question in the discussion board on github.
    @kcq all right, nvm yo already answered my question there as well :D
    Thanks a bunch!
    Is it possible to add docker run parameters to the docker-slim build command? Some/all of the ones mentioned here: https://docs.docker.com/engine/reference/commandline/run/ . For my use case I'm looking to increase the shm size via --shm-size
    Kyle Quest
    @bt-nia there’s going to be a dedicated flag for it in the next release (called --cro-shm-size), but there’s already a flag you can leverage to get the same results. It’s called --cro-host-config-file and you can specify a custom shared mem size in the ShmSize there. You’ll need to build the latest code yourself to get the --cro-host-config-file flag.
    1 reply
    Kyle Quest
    When you minify your images or when you are looking for new images to use you want to understand what's inside. It's easy to do with Slim SaaS, but the image needs to be stored in a registry. Here's a short demo that shows how to explore and investigate local images you don't have in a registry yet: https://downloads.dockerslim.com/share/docker-slim-xray-upload.gif
    Kyle Quest
    You can do the same by uploading your xray command artifacts on this page (note: the invite code from the URL should auto-fill on the login page): https://portal.slim.dev/xrayupload?invitecode=invite.1s85zlfnYX0p5TT1XKja49pAHbL
    Chas Emerick
    slim was able to give me a 58MB image for a nontrivial webapp, which seems great. To get there though, I had to use --include-shell, even though the container has a non-shell CMD set (otherwise, I got exec user process caused "no such file or directory"). Any idea why?
    1 reply
    Chas Emerick
    Also, it seems slim is only running / GET, and not following any links. I've tried a couple different flags (e.g. --http-probe-crawl --http-probe-cmd crawl:/), but they only seem to change how many times / is retrieved
    1 reply
    Joshua Hogendorn
    hey all, i'm attempting to run docker slim from the containerised version, however i'm getting broken pipe on docker.sock. any pointers?
    Sugato Ray

    I am new to using docker-slim. I tried using docker-slim on ubuntu 20.04 and it worked with slimming down an nginx (official) docker image. But when I tried using the same technique on official image of ubuntu:20.04 or ubuntu:18.04, it threw an error. Is this quite common with ubuntu:20.04? Any help will be appreciated. Thank you.

    Failure message With ubuntu:20.04

    $ docker-slim build --target ubuntu:20.04 --tag sugatoray/ubuntu.slim:20.04
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    cmd=build info=param.http.probe message='using default probe' 
    cmd=build state=started
    cmd=build info=params rt.as.user='true' keep.perms='true' tags='sugatoray/ubuntu.slim:20.04' target.type='image' target='ubuntu:20.04' continue.mode='probe' 
    cmd=build state=image.inspection.start
    cmd=build info=image id='sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1' size.bytes='72776513' size.human='73 MB' 
    cmd=build info=image.stack id='sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1' index='0' name='ubuntu:20.04' 
    cmd=build state=image.inspection.done
    cmd=build state=container.inspection.start
    cmd=build info=container status='created' name='dockerslimk_1783268_20211026094927' id='db7d8b4f1abc847b0be54a88c497495cf72eca8b9e31fd79194acb0284fa866b' 
    time="2021-10-26T04:49:28-05:00" level=error msg="channel.Client.Read: read error (read tcp> read: connection reset by peer), exiting..."
    time="2021-10-26T04:49:28-05:00" level=error msg="channel.NewCommandClient: channel verify error = read tcp> read: connection reset by peer"
    cmd=build info=cmd.startmonitor status='sent' 
    cmd=build info=event.startmonitor.done status='received' 
    cmd=build info=container target.port.list='' target.port.info='' message='YOU CAN USE THESE PORTS TO INTERACT WITH THE CONTAINER' name='dockerslimk_1783268_20211026094927' id='db7d8b4f1abc847b0be54a88c497495cf72eca8b9e31fd79194acb0284fa866b' 
    cmd=build state=http.probe.error error=no exposed ports message=expose your service port with --expose or disable HTTP probing with --http-probe=false if your containerized application doesnt expose any network services 
    cmd=build state=exited code=33554435
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    Kyle Quest
    @sugatoray summarizing what i added in the github issue, so others here might benefit from the info… By default, docker-slim expects to see ports in the target image, so it can probe the application running in the container using those ports, but the ubuntu image doesn’t have any ports declared. It’s a base image that you’d normally use to be a containerized app. You can disable probing by using the —http-probe=false flag, but if you want to minify a base image like ubuntu you’ll need to figure out what you still want in that base image and you’ll need to use —include-path or other similar parameter to tell docker-slim about what you want to keep. Normally when you minify an application container image you don’t need to do that because your application provides enough information for docker-slim. Without an application docker-slim can’t guess how you intend to use the image and that’s why you need to use those —include-* parameters.
    1 reply
    Ben Talberg
    Hey all, new to docker-slim. Has anyone had trouble with the python3 requests library after slim-ifying their container? Our app authenticates against Auth0, and the app is failing when trying to fetch Auth0's JSON Web Keys. I see a Name or service not known error, so this appears to be a problem with the container's DNS routing. I've looked at the hostname, resolv.conf, etc. files, and compared the docker inspectoutput, between the fat and the slimmed containers, and I can't see anything glaringly wrong or different. I also used --include-path to include everything under /etc and everything under python's site-packages folder. I can upload more info, but I thought I'd start here. Here's the request connection error:
    requests.exceptions.ConnectionError: HTTPSConnectionPool(host='wildflowerschools.auth0.com', port=443): Max retries exceeded with url: /.well-known/jwks.json (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f8d2239ccd0>: Failed to establish a new connection: [Errno -2] Name or service not known'))
    1 reply
    Kyle Quest
    @btalberg thank you for sharing! need to investigate this a bit more. Ideally you shouldn't need those includes. We'll figure out what's going on :)
    1 reply
    Hi everyone, I am facing an issue related to the docker-slim image. When running a python application with normal docker images, the application is running on Flask and the API URL is also working. When running this application with docker-slim image, the application is running but none of the APIs are working.
    Get the following error "home:1 Access to XMLHttpRequest at 'http://localhost:7002/PATH' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
    Steve Simpson

    Hi Everyone :wave:

    Loving docker-slim! Having some issues getting it to run as part of our gitlab pipelines though. I can build the docker image as normal but then get an image.not.found status when running docker-slim build. I'm using docker dind here. Sanitised gitlab-ci.yml if anyone can offer any advice

      image: docker:latest
      stage: build
        - docker:dind
        ECR: 'xxx.dkr.ecr.xxx.amazonaws.com'
        NAMESPACE: 'xxx'
        IMG_NAME: 'my-img'
        TAG: 'test'
        - wget -O /usr/local/bin/docker-credential-ecr-login https://amazon-ecr-credential-helper-releases.s3.us-east-2.amazonaws.com/0.5.0/linux-amd64/docker-credential-ecr-login
        - chmod +x /usr/local/bin/docker-credential-ecr-login
        - mkdir ~/.docker
        - echo "{\"credsStore\":\"ecr-login\",\"credHelpers\":{\"$ECR\":\"ecr-login\"}}" > ~/.docker/config.json
        - cat ~/.docker/config.json
        - docker info
        # Build image
        - docker build -t "${FULL_PATH}:${TAG}" .
        # Build docker-slim image
        - docker run -v $(pwd):/mnt -e DOCKER_HOST=tcp://$(grep docker /etc/hosts | cut -f1):2375 dslim/docker-slim --in-container build --http-probe=false --exec-file mnt/files/slim/slim.sh --include-path-file mnt/files/slim/includes.txt --tag "${FULL_PATH}:${TAG}-slim" "${FULL_PATH}:${TAG}"
        # Push both versions to ECR
        - docker push "${FULL_PATH}:${TAG}"
        - docker push "${FULL_PATH}:${TAG}-slim"
        - master
    Sanitised pipeline error:
    cmd=build info=params target.type='image' target='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test' continue.mode='exec' rt.as.user='true' keep.perms='true' tags='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test-slim' 
    cmd=build info=target.image.error status='image.not.found' image='xxx.dkr.ecr.xxx.amazonaws.com/xxx/my-img:test' message='make sure the target image already exists locally (use --pull flag to auto-download it from registry)'
    Kyle Quest
    @stevesimpson418 which version of docker-slim did you use (when did you run it the last time)? dslim/docker-slim will pull the latest, but wanted to double check what specific version it maps too. There’ve been a couple of similar problems in the past.


    I am trying to minify a spring boot (java11) image. when running build with docker-slim it starts the http-probe but it seems to timeout everytime. The application itself is defnitely working and the ports are exposed. When I try to minify it without the http-probe, build finishes but when I try to run the image I get a java stacktrace, saying it is missing it's main class. Can somebody tell me what is going wrong here?

    1 reply
    there is an error when i run docker-slim
    ockerslimk_2908191_20220123091918' id='dc9550659102daf969790ccb30494a035441c12e98977f05222813648ef628df' target.port.list='' target.port.info=''
    cmd=build state=http.probe.error message=expose your service port with --expose or disable HTTP probing with --http-probe=false if your containerized application doesnt expose any network services error=no exposed ports
    cmd=build state=exited code=33554435
    cmd=build state=container.target.shutdown.start
    cmd=build state=container.target.shutdown.done
    docker-slim: message='join the Gitter channel to ask questions or to share your feedback' info='https://gitter.im/docker-slim/community'
    docker-slim: message='join the Discord server to ask questions or to share your feedback' info='https://discord.gg/9tDyxYS'
    docker-slim: message='Github discussions' info='https://github.com/docker-slim/docker-slim/discussions'
    1 reply
    i have tried many version
    Hi, sorry for a stupid question, I would love to use docker-slim,
    but my problem is that I switched from docker to podman,
    Is there anything like podman-slim? Basically a similar tool which wouldn't require a docker daemon?
    3 replies
    Marton Kodok
    I wrote about integrating DockerSlim to Cloud Build, we have leaner, smaller, more secure containers at @Reea_Romania for our #googlecloud clients. #cloudrun #cloudbuild #cloud #docker @GoogleDevExpert collaboration with docker-slim team https://medium.com/p/64da29fd58d1
    Hi all, new to docker-slim,
    how do i pass my docker run command args to the docker-slim build commands
    2 replies
    Hi All, I have a golang app that listens on port 8080 but it opens the port only once it gets the configuration from a configuration server. I am trying to use docker-slim build on container image running the app. http probe is not successful as app does not open port 8080. If I set the http-probe to false, the slim image is made but the container is not able to do http communication. Please suggest how to resolve this issue
    1 reply
    Katleho Madisa
    Hi. I came across docker-slim and wanted to used it to reduce one of my image's size. I just wanted to find out if it can be used for a c++ app? I have managed to run docker-slim on my image and tried to include some of the paths to the compiled executables. However when I try to run them, I get /bin/sh: ./bin/app: not found. Anybody knows what could be causing that. Any help will be appreciated. Thanks.
    karan singh
    Dear docker-slim maintainers, whenever you have time, can you guys check out this issue that i am facing
    Niaz Hussain
    hi , Is there any method to run docker-slim in https://github.com/GoogleContainerTools/kaniko
    Kyle Quest
    Kaniko is a specialized image build tool and the best bet is to integrate docker-slim as a post-build step. This integration is not supported natively yet, but it is on the roadmap to use non-docker build and runtime engines

    Hi! Hope you all good.
    I have recently started using docker-slim and I have spent almost all day trying to slim an image, but at the end I get the same error message:

    level=error msg="dockerutil.CopyFromContainer: dclient.DownloadFromContainer() error = inactivity time exceeded timeout"
    level=fatal msg="docker-slim: failure" error="inactivity time exceeded timeout" stack="goroutine 1 [running]:\nruntime/debug .................

    All my probes are succefull, and the slim report returns:
    "version": "1.0",
    "engine": "linux|Transformer|1.37.6|26a36c88a94c677efd734e874ba081dabb84a224|2022-04-23_06:03:56AM",
    "containerized": false,
    "host_distro": {
    "name": "Ubuntu",
    "version": "22.04",
    "display_name": "Ubuntu 22.04 LTS"
    "type": "build",
    "state": "error",
    "target_reference": "my_api",
    "system": {
    "type": "",
    "release": "",
    "distro": {
    "name": "",
    "version": "",
    "display_name": ""
    "source_image": {
    "identity": {
    "id": ""
    "size": 0,
    "size_human": "",
    "create_time": "",
    "docker_version": "",
    "architecture": "",
    "container_entry": {
    "exe_path": ""
    "minified_image_size": 0,
    "minified_image_size_human": "",
    "minified_image": "",
    "minified_image_has_data": false,
    "minified_by": 0,
    "artifact_location": "",
    "container_report_name": "",
    "seccomp_profile_name": "",
    "apparmor_profile_name": "",
    "image_stack": [...]

    I hope you can help me. Thanks!

    1 reply
    Saddam ZEMMALI
    nginx: [emerg] mkdir() "/var/lib/nginx/tmp/client_body" failed (2: No such file or directory)
    1 reply
    David Grayson

    hi folks. I'm new to docker-slim and trying to minify a python app, but I can't seem to get the necessary dependencies included just to execute the main entrypoint. i've tried using the entrypoint itself with the --exec flag, but still no luck. here's my command and output

    docker-slim build --target model:local --http-probe-off --exec "seldon-core-microservice"
    cmd=build info=continue.after mode='exec' message='provide the expected input to allow the container inspector to continue its execution'
    cmd=build info=continue.after mode='exec' shell='seldon-core-microservice'
    docker-slim[build][exec]: output: Traceback (most recent call last):
    docker-slim[build][exec]: output:   File "/app/.local/bin/seldon-core-microservice", line 5, in <module>
    docker-slim[build][exec]: output:     from seldon_core.microservice import main
    docker-slim[build][exec]: output: ModuleNotFoundError: No module named 'seldon_core'

    what am I missing here?

    Menelaos Kotsollaris
    hey! Is it possible to run docker-slim within a container?
    My strategy is to have a multi-stage container and call docker-slim in the last stage to minify content. I was wondering if there are any examples of this strategy!
    1 reply
    Jakub Miazek
    Hi, Im not sure if there is any other channel to ask tech q: i have below slim command on my python app using python:3.9.12-slim-bullseye >>>
    docker-slim build --compose-env-file service.env --compose-file docker-compose.slim.yml --target-compose-svc data-api --dep-include-target-compose-svc-deps true --include-shell --include-bin /usr/bin/curl --http-probe-exec data-api box/test-data-api:latest
    curl is not available after slim is done 😦 and have no errors
    not sure if there is any mistake in above cmd
    2 replies
    1 reply
    hello guys who has the same issue?
    it seems that docker-slim can't find out docker info
    Gürkan İndibay
    I have a docker image which could be run with parameters
    docker run -d --name citus -p 5500:5432 -e POSTGRES_PASSWORD=mypassword citusdata/citus
    I'm trying to make it slim using the command below
    docker-slim build --dockerfile Dockerfile --dockerfile-context .
    Since docker-slim is trying to run the image without parameters, it gets an error and when I check the local docker images I can see a docker image named "docker-slim-tmp-fat-image.45563.20220707100131"
    How could I pass the run parameters and make docker-slim execute "docker run" successfully?
    Kyle Quest
    @gurkanindibay you can pass most docker run parameters to docker-slim. For example, you can pass the environment variables using the --env docker-slim param
    Arsalan Khan

    Hi Team, I am trying to slim one of the docker images built on linux/amd64. I am using mac m1 and got the following error

    cmd=build info=build.error status='optimized.image.build.error' error='failed to get destination image "sha256:11f111d5f1e19203639fb5d0089231c00d2f1c4f618adc9c5981b13d7195f504": image with reference sha256:11f111d5f1e19203639fb5d0089231c00d2f1c4f618adc9c5981b13d7195f504 was found but does not match the specified platform: wanted linux/amd64, actual: linux/arm64'
    cmd=build state=exited code=33554435 version=darwin|Transformer|1.37.6|26a36c88a94c677efd734e874ba081dabb84a224|2022-04-23_06:07:44AM location=/usr/local/bin

    can anyone help here ? Thanks

    1 reply
    Hey fellas , is there any way to build docker-slim image directly without building it first via docker then slimming it ?
    1 reply