Marius This article takes a detailed look at image signatures created by Notation, which is one of several tools to create and verify Docker images. Introduction Notation (formerly known as “Notary V2”) is one of the CLI tools under the Notary Project umbrella. Notary Project is a set of specifications and tools to sign and verify … Read more
This article provides an overview of available options to a) sign and verify Docker/container images and b) create image attestations. It compares the tools Docker Content Trust, BuildKit attestations, Notation, Cosign, and GitHub attestations. The basic terms and concepts are explained, and it concludes with recommendations for which tool is most suitable per use case. … Read more
Full stack web frameworks, like Reflex (Python) or Vaadin (Java), enable backend-focused developers to build web applications, including the frontend UI, using a backend language like Java. These frameworks include a (large) UI component library and require no knowledge of frontend technologies. However, using such frameworks comes with major caveats that should give you pause … Read more
For developers who directly call the Docker Hub APIs, this article sheds light on how Docker Hub handles rate limiting, particularly for HEAD requests. Here, the behavior differs in unexpected ways from the well-known image pull rate limits.
This article explains how to use my open-source Docker Tag Monitor website to determine how frequently the maintainers of a Docker image rebuild specific image version tags. It also explains why the image rebuild frequency matters when choosing the best (base) image.
Having multiple calendars that are not synchronized often causes scheduling issues. To solve this problem, I built a completely new Next-Gen Microsoft Power Automate flow that synchronizes Outlook with Outlook, Outlook with Google, or Google with Google calendars. The flow is free and open-source, but requires a Power Automate Premium plan. Here I explain how … Read more
This article benchmarks the performance of two different Python frameworks (Django, FastAPI) and a Go framework (Pocketbase), when making GET requests that serialize 20 simple JSON objects from a relational database (SQLite, PostgreSQL). The results show that Go/Pocketbase is only about twice as fast as Python/FastAPI, which is surprising, given that Go is generally considered … Read more
This article introduces 12 tips to optimize your Docker image security. For each tip, it explains the underlying attack vector, and one or more mitigation approaches. Tips include avoiding leaking of build secrets, running as non-root user, or how to make sure to use the most recent dependencies and updates. Originally posted on 2022-02-20, updated … Read more
This article introduces several tricks that you can apply at build-time, to reduce the size of your Docker images, including the use of a small base image, multi-stage builds, consolidation of RUN statements, avoiding separate chown/chmod commands, or using the slim toolkit. Originally posted on 2022-02-06, updated on 2024-06-11. Introduction Docker has become a commodity … Read more
This article offers several tips for tweaking the build speed of Docker images in CI pipelines. I explain multiple caching-tricks offered by BuildKit, Docker’s integrated image build engine. I also elaborate on how the .dockerignore file and extra arguments to package managers such as apt can speed up your image builds. Originally posted on 2022-01-23, … Read more