Hey everyone!
I'm excited to share SlimShield, an advanced Docker security scanning platform I've been building. It's now live and production-ready!
Live Demo: https://slimshield.itscloudhub.com
What is SlimShield?
SlimShield helps DevOps and security teams scan Dockerfiles and container images for vulnerabilities, optimization issues, and compliance violations. Think of it as a comprehensive security scanner that goes beyond basic CVE detection.
Key Features (18 Production-Ready Features!)
Security & Analysis
✨ CVE Detection with EPSS Scoring - Real-time vulnerability scanning with exploit prediction
✨ AI Risk Index - Intelligent false positive filtering with confidence scoring
✨ Auto-Fixer - Automated Dockerfile remediation and security fixes
✨ Distroless Detection - Identifies and recommends minimal container images
✨ SBOM Generation - Creates Software Bill of Materials in SPDX & CycloneDX formats
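To give a concrete feel for what Dockerfile-level scanning, distroless detection and auto-fixing look like in practice, here is a small example written for this post (it is not SlimShield's engine, whose rules and output format aren't described above). It parses a constructed sample Dockerfile, reports unpinned base images, a non-distroless final stage, running as root, a remote script piped into a shell, ADD used where COPY belongs, and a credential baked into ENV, then applies only the rewrites that are safe to do mechanically. The distroless prefix list, the rule names, the `65532:65532` fallback UID and the sample Dockerfile are all assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Heuristic list of minimal ("distroless") bases; an assumption of this example.
DISTROLESS_PREFIXES = ("scratch", "gcr.io/distroless/", "cgr.dev/chainguard/")
# ENV/ARG assignments whose key looks like a credential and whose value is a literal, not $VAR.
SECRET_ASSIGN_RE = re.compile(r"\b\w*(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY)\w*\s*=\s*[^\s$]", re.I)


@dataclass
class Finding:
    rule: str
    start: int  # first source line of the offending instruction
    end: int    # last source line (backslash continuations included)
    message: str
    fix: Optional[str] = None  # full replacement instruction when a safe rewrite exists


def parse_instructions(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (start, end, INSTRUCTION, args) tuples; continuation lines are joined."""
    out, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf += line
        head, _, rest = buf.partition(" ")
        out.append((start, no, head.upper(), rest.strip()))
        buf = ""
    return out


def lint(text: str) -> List[Finding]:
    instrs = parse_instructions(text)
    final_from = max((i for i, ins in enumerate(instrs) if ins[2] == "FROM"), default=None)
    findings, runs_as_root = [], True
    for idx, (start, end, ins, args) in enumerate(instrs):
        if ins == "FROM":
            tokens = [t for t in args.split() if not t.startswith("--")]  # drop --platform=...
            image = tokens[0] if tokens else ""
            name = image.rsplit("/", 1)[-1]
            if image != "scratch" and "@sha256:" not in image and (":" not in name or name.endswith(":latest")):
                findings.append(Finding("FROM_UNPINNED", start, end, f"base image '{image}' is not pinned to a tag or digest"))
            if idx == final_from and not image.lower().startswith(DISTROLESS_PREFIXES):
                findings.append(Finding("FINAL_NOT_DISTROLESS", start, end, f"final stage builds on '{image}'; a distroless/minimal base shrinks the attack surface"))
            runs_as_root = True  # every stage starts as root again
        elif ins == "USER":
            runs_as_root = args.split(":")[0] in ("root", "0")
        elif ins == "RUN":
            if re.search(r"\bapt-get\s+install\b", args) and "--no-install-recommends" not in args:
                fixed = re.sub(r"\bapt-get\s+install\b", "apt-get install --no-install-recommends", args)
                findings.append(Finding("APT_RECOMMENDS", start, end, "apt-get install pulls recommended packages: more packages, more CVEs", fix=f"RUN {fixed}"))
            if re.search(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba)?sh\b", args):
                findings.append(Finding("PIPE_TO_SHELL", start, end, "remote script piped into a shell; download it, verify its checksum, then run it"))
        elif ins == "ADD":
            src = args.split()[0] if args else ""
            if not src.startswith(("http://", "https://")) and not src.endswith((".tar", ".tar.gz", ".tgz", ".tar.xz")):
                findings.append(Finding("ADD_INSTEAD_OF_COPY", start, end, "ADD has implicit URL and archive handling; COPY is the explicit choice for plain files", fix=f"COPY {args}"))
        elif ins in ("ENV", "ARG") and SECRET_ASSIGN_RE.search(args):
            findings.append(Finding("HARDCODED_SECRET", start, end, f"{ins} embeds a literal credential; it ends up in the image history"))
    if instrs and runs_as_root:
        last = instrs[-1]
        findings.append(Finding("RUNS_AS_ROOT", last[0], last[1], "final stage never drops to a non-root USER", fix="USER 65532:65532"))
    return findings


def autofix(text: str) -> str:
    """Apply the findings that carry a safe rewrite and return the new Dockerfile text."""
    lines = text.splitlines()
    fixes = [f for f in lint(text) if f.fix]
    appended = [f.fix for f in fixes if f.rule == "RUNS_AS_ROOT"]  # USER may come last; CMD/ENTRYPOINT still honour it
    # Replace from the bottom up so earlier line numbers stay valid.
    for f in sorted((f for f in fixes if f.rule != "RUNS_AS_ROOT"), key=lambda f: f.start, reverse=True):
        lines[f.start - 1:f.end] = [f.fix]
    return "\n".join(lines + appended) + "\n"


# Constructed sample Dockerfile with several deliberate weaknesses (no real secret).
SAMPLE = """\
FROM python:latest AS build
RUN apt-get update && apt-get install -y \\
    build-essential
COPY requirements.txt .
RUN pip install -r requirements.txt

FROM python:3.12-slim
ENV API_TOKEN=hunter2-not-a-real-secret
ADD app.py /app/
RUN curl -sSL https://example.invalid/install.sh | sh
CMD ["python", "/app/app.py"]
"""

if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(f"L{f.start}-{f.end} {f.rule}: {f.message}" + (f"  -> {f.fix}" if f.fix else ""))
    print("\n--- after autofix ---\n" + autofix(SAMPLE))
```

Running it lists seven findings on the sample; after `autofix()` the `apt-get`, `ADD` and missing-`USER` issues are gone, while the unpinned base, the non-distroless final stage, the hard-coded token and the curl-to-shell line are left for a human, since there is no mechanically safe rewrite for them.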
Compliance & Policy
✨ 7 Compliance Frameworks - HIPAA, PCI-DSS, SOC 2, GDPR, NIST, ISO 27001, CIS
✨ Security Policy Engine - Custom rule creation and enforcement
✨ License Policy Engine - License compliance checking and violation detection
Advanced Features
✨ Exception Management - Centralized false positive handling
✨ Incremental Scanning - Compare scans over time for changed layers
✨ Scan Comparison - Track security improvements and trends
✨ Multi-Registry Support - Unified dashboard for all your registries
✨ Webhook Notifications - Real-time alerts (Slack, Teams, Discord)
✨ Offline Mode - Air-gap scanning with local CVE database
Reports & Integration
✨ Multiple Report Formats - PDF, JSON, HTML, CSV, SARIF, JUnit XML
✨ CLI Tool - Full command-line access for CI/CD integration (Pro plan)
✨ REST API - 53+ endpoints for complete programmatic access
✨ Payment Integration - Stripe-powered subscription management
Tech Stack
Backend API:
- FastAPI (Python 3.10+) with async support
- PostgreSQL for production data
- Redis for caching and rate limiting
- Docker SDK for container operations
- NVD API integration for CVE data
Frontend Portal:
- React 18 with TypeScript
- Tailwind CSS for styling
- Axios + React Query for data fetching
- Recharts for visualizations
CLI Tool:
- Python 3.8+ with Click framework
- Rich terminal formatting
- JWT authentication with keyring
Infrastructure:
- Docker & Docker Compose
- Alembic for database migrations
- Nginx reverse proxy
- Prometheus metrics support
Architecture
Three integrated services:
- Backend API (Port 9000) - Core scanning engine
- Frontend Portal (Port 3000) - Web interface
- CLI Tool - Terminal access for automation
Pricing Plans
Free Plan - $0/month, 25 scans, basic features
Pro Plan - $8/month, 150 scans, CLI access, advanced features
Enterprise - Custom pricing, 10,000+ scans, dedicated support
What I'm Looking For
Your honest feedback on:
- Security - Any vulnerabilities you spot?
- UX/UI - Is the interface intuitive? Any friction points?
- Performance - How's the scanning speed and page load time?
- Features - What's missing? What would you add?
- Pricing - Does the value match the pricing?
- DevOps Integration - How would you integrate this into your workflow?
The Journey
This started as a learning project but evolved into a comprehensive security platform. The biggest challenges were:
- Implementing real-time CVE analysis with EPSS scoring
- Building the auto-fix engine that understands Dockerfile context
- Creating 7 compliance frameworks from scratch
- Optimizing scanning performance for large images
What's Next
- Advanced runtime correlation (monitoring integration)
- More compliance frameworks
- Enhanced AI capabilities for risk assessment
- Team collaboration features
- Custom integration marketplace
Try breaking it! I'm actively working on improvements and would love to hear what you think.
P.S. - Special shoutout to the DevOps community for inspiration. If you find bugs or have suggestions, drop them in the comments!
Thanks for checking it out!