Concept: Boston-based startup Slim.AI has launched a cloud-based DevOps automation platform that provides tools along with streamlined workflows. It can assist developers to accelerate and automate containerized application operation, production, and management. The platform complements and extends the open-source DockerSlim product’s capabilities.
Nature of Disruption: The platform allows developers to analyze the contents of a container in terms of composition and security profile, making it easy for them to determine what’s inside before using it. It can help with the automatic enhancement of software and supply chain security, as well as container tuning for development, testing, and production, and the delivery of secure container-based apps to the cloud. It also observes and interprets how containers are built and executed to study and understand application composition and behavior. Slim.AI’s platform’s application intelligence combines static and run-time container analysis, as well as specific container build and optimization engines. It provides developers with detailed visualizations and analyses of containerized applications. The platform also includes integrated workflows for tasks like selecting and building container images, managing container size, removing vulnerabilities, and generating security profiles. To access Docker containers and accompanying source-code files as inputs, it connects with CI/CD pipelines, container registries, and code repositories. Slim.AI allows developers to simultaneously search several container registries for containers.
Outlook: To mitigate risk in their software supply chains, developers must know exactly what is in their containers before putting them into production. Developers and technology leaders have recognized the importance of optimizing pictures before production for reducing the attack surface of their apps. Slim.ai addresses these problems by automating and replacing the ad-hoc, proprietary, and manual procedures and technologies that developers and DevOps teams use today to deploy containerized applications to production. The container-based workflow platform includes the capability to automate the unwanted software removal from containers process, thereby minimizing risks and reducing an app’s attack surface. It can also enable private connections to the Google Container Registry, as well as the Amazon, Docker, and Red Hat registries, using API tokens for authentication. The startup has raised $31M in a Series A funding round co-led by Insight Partners and StepStone Group in January 2022. It intends to use the funds for further advancement of the platform.