Kyle Quest (the DockerSlim guy)
@kcqon.bsky.social
AI-native software security maintenance (AutonomousPlane) * CTO/Founded (Slim dot AI) * Created DockerSlim / SlimToolkit / MinToolkit * 50 Shades of Golang * Big & Small Data * Security * eBPF * Containers * Cloud Native
a bit of trivia ( #golang and AI agent related)... guess what value ends up in MainConfig.KeyOne (and why) when the YAML config file is loaded and guess how confused Gemini CLI and even Claude Code were with it 🙂
July 13, 2025 at 3:06 AM
a bit of trivia ( #golang and AI agent related)... guess what value ends up in MainConfig.KeyOne (and why) when the YAML config file is loaded and guess how confused Gemini CLI and even Claude Code were with it 🙂
Container "image mode" in Redhat Linux... interesting to see containers as the first class construct in an OS
May 20, 2025 at 8:42 PM
Container "image mode" in Redhat Linux... interesting to see containers as the first class construct in an OS
Funny timing... Wiz just came out with their hardened container images and now Docker :-)
May 19, 2025 at 6:35 PM
Funny timing... Wiz just came out with their hardened container images and now Docker :-)
a decent sequence diagram too
April 26, 2025 at 12:26 AM
a decent sequence diagram too
The architecture diagram DeepWiki/Devin generated for #DockerSlim / MinT(oolkit) is the best AI generated diagram so far (not complete, but it does make sense and it's useful enough)
April 26, 2025 at 12:23 AM
The architecture diagram DeepWiki/Devin generated for #DockerSlim / MinT(oolkit) is the best AI generated diagram so far (not complete, but it does make sense and it's useful enough)
It seems like #KubeCon London was a long time ago... It was this month though! The Docker / Dagger event was very cool... With interesting demos, but sucky sound. Solomon saved the night though :)
April 25, 2025 at 12:34 AM
It seems like #KubeCon London was a long time ago... It was this month though! The Docker / Dagger event was very cool... With interesting demos, but sucky sound. Solomon saved the night though :)
I couldn't miss the "What I wish I knew about container security" Cloud Native Rejekts talk in London by Duffie and Jed
April 8, 2025 at 11:57 PM
I couldn't miss the "What I wish I knew about container security" Cloud Native Rejekts talk in London by Duffie and Jed
The score card for python app Dockerfiles we improved (reach out if you want us to improve your Dockerfile)
March 23, 2025 at 7:01 AM
The score card for python app Dockerfiles we improved (reach out if you want us to improve your Dockerfile)
We reviewed 4 python Dockerfiles: Tux (discord bot), GuruBase RAG, Podcastify AI (OSS version of NotebookLM) & AgentGPT (AI agent builder). We also previewed the container image composition tool. More notes will be posted soon!
March 22, 2025 at 9:07 PM
We reviewed 4 python Dockerfiles: Tux (discord bot), GuruBase RAG, Podcastify AI (OSS version of NotebookLM) & AgentGPT (AI agent builder). We also previewed the container image composition tool. More notes will be posted soon!
Ivan at SCaLE 22x (without being here in person) 🙂
March 9, 2025 at 4:44 AM
Ivan at SCaLE 22x (without being here in person) 🙂
It was a fun SCaLE 22x talk with great questions and participation from the audience! We managed to build a functional container by hand without any container tools. There was cheating to do less 🙂 And we also explored the magic of lazy loaded containers and eStargz! #scale22x
March 8, 2025 at 3:51 AM
It was a fun SCaLE 22x talk with great questions and participation from the audience! We managed to build a functional container by hand without any container tools. There was cheating to do less 🙂 And we also explored the magic of lazy loaded containers and eStargz! #scale22x
SCaLE 22x is almost here (March 6 - 9, Pasadena, CA)! First one for me. Super excited to be there & share with others. You can get 50% off on registration with this code (no excuse not to be there if you are in California ;-)): SPEAK
February 27, 2025 at 9:04 PM
SCaLE 22x is almost here (March 6 - 9, Pasadena, CA)! First one for me. Super excited to be there & share with others. You can get 50% off on registration with this code (no excuse not to be there if you are in California ;-)): SPEAK
Wonder how many OpenAI API keys DeepSeek will collect by allowing the same OpenAI libraries to be used 🙂
February 8, 2025 at 5:02 PM
Wonder how many OpenAI API keys DeepSeek will collect by allowing the same OpenAI libraries to be used 🙂
BuildKit can be used not only to build containers, but it can also run them (it's a bit cheating because it still uses runc internally :-)) The 'frontend' gateway in BuildKit will run the container you specify.
February 1, 2025 at 4:07 AM
BuildKit can be used not only to build containers, but it can also run them (it's a bit cheating because it still uses runc internally :-)) The 'frontend' gateway in BuildKit will run the container you specify.
With the first GoodDockerfiles stream Ivan and I looked at Felipe's "gofile" project and its Dockerfile. One of the stream questions was about using distroless. Here's a possible distroless-based version (note that the image is also smaller while still having a shell ;-))
January 26, 2025 at 8:44 PM
With the first GoodDockerfiles stream Ivan and I looked at Felipe's "gofile" project and its Dockerfile. One of the stream questions was about using distroless. Here's a possible distroless-based version (note that the image is also smaller while still having a shell ;-))
Here's where CVEs jumped the shark... CVEs just because the software/library is End of Life... sure why not 🙂 Three for Node: CVE-2025-23088 , CVE-2025-23089 , CVE-2025-23087
Time to dump CVEs and their misleading CVSS severity scoring that does more harm than good.
Time to dump CVEs and their misleading CVSS severity scoring that does more harm than good.
January 24, 2025 at 7:34 AM
Here's where CVEs jumped the shark... CVEs just because the software/library is End of Life... sure why not 🙂 Three for Node: CVE-2025-23088 , CVE-2025-23089 , CVE-2025-23087
Time to dump CVEs and their misleading CVSS severity scoring that does more harm than good.
Time to dump CVEs and their misleading CVSS severity scoring that does more harm than good.
We have our first Dockerfile review on Tuesday (10:05am PT / 7:05pm CET). We'll be looking at "gofile" and its Dockerfile with Felipe Cruz (guess what "gofile" does ;-))
January 17, 2025 at 9:14 PM
We have our first Dockerfile review on Tuesday (10:05am PT / 7:05pm CET). We'll be looking at "gofile" and its Dockerfile with Felipe Cruz (guess what "gofile" does ;-))
unexpected to end up in the "Most active speaker" Sessionize category because it didn't feel like I had a lot of conference talks and I also used two different accounts 🙂
January 12, 2025 at 5:51 PM
unexpected to end up in the "Most active speaker" Sessionize category because it didn't feel like I had a lot of conference talks and I also used two different accounts 🙂
An important part of improving your Dockerfile is picking the right base image. Ivan's post about the Node.js base images is a great example of what you end up dealing with there :-)
January 11, 2025 at 7:55 PM
An important part of improving your Dockerfile is picking the right base image. Ivan's post about the Node.js base images is a great example of what you end up dealing with there :-)
2025 New Year celebration, Seattle. Nice view :-)
January 1, 2025 at 12:26 PM
2025 New Year celebration, Seattle. Nice view :-)
Interesting bug/feature in Docker Desktop when containerd image pulling/storage is enabled... The manifest list in index.json just points to a manifest index file blob instead of pointing to the architecture specific manifest file blob.
December 27, 2024 at 12:35 AM
Interesting bug/feature in Docker Desktop when containerd image pulling/storage is enabled... The manifest list in index.json just points to a manifest index file blob instead of pointing to the architecture specific manifest file blob.
Here's the video for our "Malicious Compliance Automated: When You Have 4000 Vulnerabilities and only 24 Hours Before Release" @rejekts.io talk from last month in Salt Lake City (just before KubeCon ). When we gave the talk it was already 5000 vulnerabilities :-)
December 19, 2024 at 7:11 AM
Here's the video for our "Malicious Compliance Automated: When You Have 4000 Vulnerabilities and only 24 Hours Before Release" @rejekts.io talk from last month in Salt Lake City (just before KubeCon ). When we gave the talk it was already 5000 vulnerabilities :-)