What is Jib?

Jib allows Build container images for your Java applications
10 July 2018   286

What is Jib?

Jib builds Docker and OCI images for your Java applications and is available as plugins for Maven and Gradle.

Jib as a container-building library for Java is work-in-progress.

Goals

  • Fast - Deploy your changes fast. Jib separates your application into multiple layers, splitting dependencies from classes. Now you don’t have to wait for Docker to rebuild your entire Java application - just deploy the layers that changed.
  • Reproducible - Rebuilding your container image with the same contents always generates the same image. Never trigger an unnecessary update again.
  • Daemonless - Reduce your CLI dependencies. Build your Docker image from within Maven or Gradle and push to any registry of your choice. No more writing Dockerfiles and calling docker build/push.

How Jib Works

Whereas traditionally a Java application is built as a single image layer with the application JAR, Jib's build strategy separates the Java application into multiple layers for more granular incremental builds. When you change your code, only your changes are rebuilt, not your entire application. These layers, by default, are layered on top of a distroless base image.

Learn more at GitHub

Sonatype to Create Vulnerability Checker Tool

New tool is called DepShield and available in the "Security" section of the GitHub Marketplace
16 August 2018   129

Sonatype has introduced a tool for developers called DepShield, which checks the code on GitHub for vulnerabilities.

The free version of the service is looking for vulnerabilities in the OSS Index database and gives recommendations on how to fix them. In the commercial version, you can configure automatic fixing of problems. Also in DepShield there are:

  • work with the Apache Maven framework;
  • View a list of known vulnerabilities in GitHub's Issue Tracker;
  • determine the range of versions for each vulnerability.

DepShield
DepShield

DepShield is available in the "Security" section of the GitHub Marketplace.

GitHub has introduced two new features that will help improve security and simplify the recovery of accounts. For this, the company recommends setting a strong password and two-factor authentication.