Hey everyone! 👋
I'm excited to share SlimShield, an advanced Docker security scanning platform I've been building. It's now live and production-ready!
🔗 Live Demo: https://slimshield.itscloudhub.com
What is SlimShield?
SlimShield helps DevOps and security teams scan Dockerfiles and container images for vulnerabilities, optimization issues, and compliance violations. Think of it as a comprehensive security scanner that goes beyond basic CVE detection.
Key Features (18 Production-Ready Features!)
Security & Analysis
✨ CVE Detection with EPSS Scoring - Real-time vulnerability scanning, with each CVE ranked by its EPSS (Exploit Prediction Scoring System) probability of exploitation in the wild
✨ AI Risk Index - Intelligent false positive filtering with confidence scoring
✨ Auto-Fixer - Automated Dockerfile remediation and security fixes
✨ Distroless Detection - Identifies and recommends minimal container images
✨ SBOM Generation - Creates Software Bill of Materials in SPDX & CycloneDX formats
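As an added illustration of what "Dockerfile scanning" and "auto-fix" look like in practice (this is not SlimShield's code; the rule IDs, the 65532 non-root UID and the sample Dockerfile are all assumptions made for the example), here is a small Python checker that parses a Dockerfile, flags an unpinned base image, an `ADD` from a URL, `apt-get install` without `--no-install-recommends`, a final stage that never drops root, and a non-distroless runtime base, and then applies only the fixes that are safe to make mechanically:

```python
"""Toy Dockerfile scanner + auto-fixer (editor's example, not SlimShield's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample input: a typical "works on my machine" Dockerfile.
SAMPLE_DOCKERFILE = """\
FROM python:latest
ADD https://example.invalid/app.tar.gz /opt/app.tar.gz
RUN apt-get update && apt-get install -y curl
COPY . /app
WORKDIR /app
CMD ["python", "app.py"]
"""

# Assumed list of registries/paths that count as "distroless" runtime bases.
DISTROLESS_PREFIXES = ("gcr.io/distroless/", "cgr.dev/chainguard/")


@dataclass
class Finding:
    line: int
    rule: str
    message: str
    severity: str


@dataclass
class ScanResult:
    findings: list = field(default_factory=list)
    fixed: str = ""


def _instructions(text):
    """Yield (line_no, INSTRUCTION, argument), joining backslash continuations."""
    buf, start = "", 0
    for i, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = i
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        parts = buf.split(None, 1)
        yield start, parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        buf = ""


def scan_dockerfile(text):
    """Run the rule set over one Dockerfile; return findings plus a fixed copy."""
    result = ScanResult()
    last_from, has_user = None, False
    for line_no, instr, arg in _instructions(text):
        if instr == "FROM":
            image = next(t for t in arg.split() if not t.startswith("--"))  # skip --platform
            last_from, has_user = (line_no, image), False  # every stage starts as root
            ref = image.rsplit("/", 1)[-1]  # drop registry/namespace before checking the tag
            if "@sha256:" not in image and (":" not in ref or ref.endswith(":latest")):
                result.findings.append(Finding(line_no, "DF001",
                    f"base image {image} is not pinned to a tag or digest", "high"))
        elif instr == "ADD" and re.match(r"https?://", arg):
            result.findings.append(Finding(line_no, "DF002",
                "ADD fetches a URL with no integrity check; COPY a vetted file "
                "or download it with a checksum", "medium"))
        elif instr == "RUN" and "apt-get install" in arg and "--no-install-recommends" not in arg:
            result.findings.append(Finding(line_no, "DF003",
                "apt-get install without --no-install-recommends bloats the image", "low"))
        elif instr == "USER":
            has_user = arg.strip() not in ("root", "0")
            if not has_user:
                result.findings.append(Finding(line_no, "DF004", "explicit USER root", "high"))
    if last_from and not has_user:
        result.findings.append(Finding(last_from[0], "DF004",
            "final stage never switches to a non-root USER", "high"))
    if last_from and not last_from[1].startswith(DISTROLESS_PREFIXES):
        result.findings.append(Finding(last_from[0], "DF005",
            "final stage is not distroless; consider a minimal runtime base", "info"))
    result.fixed = fix_dockerfile(text, result.findings)
    return result


def fix_dockerfile(text, findings):
    """Apply only the mechanical fixes. Pinning a base image or verifying a URL
    download needs a human decision (which digest? which checksum?), so DF001/DF002
    are reported but left alone."""
    rules = {f.rule for f in findings}
    lines = text.splitlines()
    if "DF003" in rules:
        lines = [l.replace("apt-get install", "apt-get install --no-install-recommends")
                 if "apt-get install" in l and "--no-install-recommends" not in l else l
                 for l in lines]
    if "DF004" in rules and not any(l.strip().upper().startswith("USER ") for l in lines):
        # Assumed fix: a numeric UID (65532 is distroless's 'nonroot') needs no /etc/passwd
        # entry, but any path the app writes to must be owned or writable by that UID.
        idx = max((i for i, l in enumerate(lines)
                   if l.split(None, 1) and l.split(None, 1)[0].upper() in ("CMD", "ENTRYPOINT")),
                  default=len(lines))
        lines.insert(idx, "USER 65532:65532")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    res = scan_dockerfile(SAMPLE_DOCKERFILE)
    for f in res.findings:
        print(f"line {f.line} [{f.severity}] {f.rule}: {f.message}")
    print("--- fixed ---")
    print(res.fixed)
```

Re-running the scanner over its own output is the useful check: the `apt-get` and missing-`USER` findings disappear, while the unpinned `python:latest` base and the URL `ADD` stay until a human picks a digest and a checksum, which is the split between "auto-fix" and "report only" that a real remediation engine has to make.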
Compliance & Policy
✨ 7 Compliance Frameworks - HIPAA, PCI-DSS, SOC 2, GDPR, NIST, ISO 27001, CIS
✨ Security Policy Engine - Custom rule creation and enforcement
✨ License Policy Engine - License compliance checking and violation detection
Advanced Features
✨ Exception Management - Centralized false positive handling
✨ Incremental Scanning - Re-scans only the image layers that changed since the previous scan
✨ Scan Comparison - Track security improvements and trends
✨ Multi-Registry Support - Unified dashboard for all your registries
✨ Webhook Notifications - Real-time alerts (Slack, Teams, Discord)
✨ Offline Mode - Air-gapped scanning against a locally mirrored CVE database, no outbound network access required
Reports & Integration
✨ Multiple Report Formats - PDF, JSON, HTML, CSV, SARIF, JUnit XML
✨ CLI Tool - Full command-line access for CI/CD integration (Pro plan)
✨ REST API - 53+ endpoints for complete programmatic access
✨ Payment Integration - Stripe-powered subscription management
Tech Stack
Backend API:
- FastAPI (Python 3.10+) with async support
- PostgreSQL for production data
- Redis for caching and rate limiting
- Docker SDK for container operations
- NVD API integration for CVE data
Frontend Portal:
- React 18 with TypeScript
- Tailwind CSS for styling
- Axios + React Query for data fetching
- Recharts for visualizations
CLI Tool:
- Python 3.8+ with Click framework
- Rich terminal formatting
- JWT authentication, with tokens stored in the OS credential store via keyring
Infrastructure:
- Docker & Docker Compose
- Alembic for database migrations
- Nginx reverse proxy
- Prometheus metrics support
Architecture
Three integrated services:
- Backend API (Port 9000) - Core scanning engine
- Frontend Portal (Port 3000) - Web interface
- CLI Tool - Terminal access for automation
Pricing Plans
💚 Free Plan - $0/month, 25 scans, basic features
💙 Pro Plan - $8/month, 150 scans, CLI access, advanced features
🚀 Enterprise - Custom pricing, 10,000+ scans, dedicated support
What I'm Looking For
Your honest feedback on:
- Security - Any vulnerabilities you spot?
- UX/UI - Is the interface intuitive? Any friction points?
- Performance - How's the scanning speed and page load time?
- Features - What's missing? What would you add?
- Pricing - Does the value match the pricing?
- DevOps Integration - How would you integrate this into your workflow?
The Journey
This started as a learning project but evolved into a comprehensive security platform. The biggest challenges were:
- Implementing real-time CVE analysis with EPSS scoring
- Building the auto-fix engine that understands Dockerfile context
- Creating 7 compliance frameworks from scratch
- Optimizing scanning performance for large images
What's Next
- Advanced runtime correlation (monitoring integration)
- More compliance frameworks
- Enhanced AI capabilities for risk assessment
- Team collaboration features
- Custom integration marketplace
Try breaking it! I'm actively working on improvements and would love to hear what you think. 🚀
P.S. - Special shoutout to the DevOps community for inspiration. If you find bugs or have suggestions, drop them in the comments!
Thanks for checking it out! 🙏