惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
宝玉的分享
宝玉的分享
Last Week in AI
Last Week in AI
Help Net Security
Help Net Security
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
博客园_首页
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
LINUX DO - 最新话题
PCI Perspectives
PCI Perspectives
博客园 - 三生石上(FineUI控件)
V2EX - 技术
V2EX - 技术
Spread Privacy
Spread Privacy
T
Tor Project blog
量子位
阮一峰的网络日志
阮一峰的网络日志
S
SegmentFault 最新的问题
小众软件
小众软件
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Blog — PlanetScale
Blog — PlanetScale
H
Help Net Security
Y
Y Combinator Blog
N
News | PayPal Newsroom
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Tenable Blog
Scott Helme
Scott Helme
G
GRAHAM CLULEY
大猫的无限游戏
大猫的无限游戏
aimingoo的专栏
aimingoo的专栏
IT之家
IT之家
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
Martin Fowler
Martin Fowler
T
Threat Research - Cisco Blogs
博客园 - 司徒正美
Application and Cybersecurity Blog
Application and Cybersecurity Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Attack and Defense Labs
Attack and Defense Labs
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
L
LangChain Blog
C
Check Point Blog
Google Online Security Blog
Google Online Security Blog
V
Visual Studio Blog
Latest news
Latest news

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
GitHub - anmalkov/image-inspector: 🐳 Find and digest-pin official container base images in seconds - Python, .NET, Java, Go, Node.js, Rust, Ubuntu, and more.
anmalkov · 2026-06-26 · via Show HN

🐳 image-inspector — select • inspect • pin

image-inspector

A CLI for finding official container base images, showing precomputed vulnerability counts, and generating digest-pinned FROM lines — without pulling images, running Docker, or scanning locally.

CI status Latest release PyPI version MIT License


⚡ Try it in 5 seconds

No install, no Docker daemon, no local scanner — just uv:

uvx --from base-image-inspector image-inspector

Pick a base image with the arrow keys and copy the digest-pinned FROM line. That's it.

image-inspector result panel showing a digest-pinned FROM line and vulnerability counts

Why this exists

Tool Great at The gap it leaves
docker pull + trivy scan Accurate, thorough scanning Slower, and runs locally — you pull the image first
Renovate Keeping base images up to date Helps after you've already chosen a base image
image-inspector Choose + inspect + pin before you write FROM Approximate counts from precomputed nightly data (fetched from GitHub Pages, bundled offline fallback), not a live scan

Who is this for?

Use image-inspector if you:

  • write Dockerfiles often
  • want reproducible base images
  • want quick vulnerability context before choosing a base image
  • don't want to pull images or run a scanner locally

What is this?

When you write a Dockerfile, you start from a base image like python:3.13 or node:22. The problem: tags like python:3.13 are moving targets — the image behind that tag changes over time. So a build that works today might pull a different image tomorrow, and "it works on my machine" quietly breaks.

image-inspector fixes that. You pick a language or OS, a version, and a variant — all with the arrow keys — and it gives you a base image pinned to an immutable digest plus a ready-to-paste FROM line:

FROM python:3.13.14-slim@sha256:205e60d0b78f024817...

It also shows you, up front, how many known security vulnerabilities that image has, its size, and when it was built — so you can choose a good base image with confidence.

What's that @sha256:... part? It's the image's digest — a unique fingerprint of the exact image contents. Pinning to a digest means everyone who builds your Dockerfile gets the identical base image, every time. That's what makes a build reproducible.

Vulnerability counts come from precomputed nightly Trivy data — fetched from GitHub Pages when online, with a copy bundled in the package as an offline fallback. Images are not pulled or scanned locally at runtime. No Docker daemon or local scanner is required.

image-inspector demo

Quick start

1. Already tried it with uvx? Install it permanently (pick whichever you have):

uv tool install base-image-inspector     # recommended
# or
pipx install base-image-inspector
# or
pip install base-image-inspector

Package vs. command: the PyPI package is base-image-inspector, but the installed CLI command is image-inspector.

Prefer one-shot usage? Use uv:

uvx --from base-image-inspector image-inspector

2. Run it:

3. Pick with the arrow keys — language/OS → version → variant — and copy the FROM line it prints. That's it. 🎉

New here and want the full walkthrough? See the Getting started guide.

Features

  • 📌 Digest pinning — outputs a name:tag@sha256:… reference for reproducible builds.
  • 🛡️ Security at a glance — critical / high / total vulnerability counts for the chosen image, from precomputed nightly Trivy data fetched from GitHub Pages (with a bundled offline fallback).
  • 🧱 Many ecosystems, one interface — Python, .NET, Java, Go, Node, Rust, C/C++, plus Ubuntu, Debian and Alpine base images.
  • 🤖 Automation-friendly--json for non-interactive use and --plain / NO_COLOR support.
  • 🎨 Modern UI — branded banner, themed menus, spinners, and a syntax-highlighted result panel.
  • ⌨️ Arrow-key everything — language, version, and variant are all pick-from-list menus. No typing.
  • 📋 Quick actions — after a result, copy the FROM line or digest to your clipboard.

Supported images

Languages & runtimes

Language Registry Repository Versioning
Python Docker Hub library/python semver (latest 5 minors)
.NET MCR mcr.microsoft.com/dotnet/sdk semver (latest 5 minors)
Java Docker Hub library/eclipse-temurin feature release (8 / 11 / 17 / 21 / 25 / 26)
Go Docker Hub library/golang semver (latest minors)
Node.js Docker Hub library/node semver (latest 5 minors)
Rust Docker Hub library/rust semver (latest 5 minors)
C / C++ Docker Hub library/gcc semver (latest 5 minors)

OS base images

Image Registry Repository Versioning
Ubuntu Docker Hub library/ubuntu calver YY.MM (latest 5 releases, LTS marked)
Debian Docker Hub library/debian major (11 / 12 / 13) + -slim variant
Alpine Docker Hub library/alpine semver (latest 5 minors)

Per-image details (Java feature releases, the gcc compiler image, Ubuntu LTS, Debian variants) are covered in the Getting started guide.

Examples

# Interactive — pick everything with the arrow keys:
image-inspector

# Non-interactive, machine-readable output for scripts/CI:
image-inspector --json -l ubuntu --version 24.04

A --json run prints a single object describing the resolved image. For example:

image-inspector --json -l python --version 3.13 --variant slim
{
  "source": "Docker Hub",
  "language": "python",
  "version": "3.13",
  "variant": "slim",
  "image": "python:3.13.14-slim",
  "pinned_reference": "python:3.13.14-slim@sha256:205e60d0b78f024817...",
  "digest": "sha256:205e60d0b78f024817...",
  "size_bytes": 44912345,
  "from_line": "FROM python:3.13.14-slim@sha256:205e60d0b78f024817...",
  "vulnerabilities": {
    "critical": 0,
    "high": 1,
    "total": 23,
    "scanned_at": "2026-06-22T02:14:07+00:00"
  },
  "scanner": { "name": "trivy", "version": "0.71.1", "db_updated_at": "2026-06-22T00:00:00+00:00" }
}

(Some fields are omitted above for brevity.) When no scan data exists for the image, vulnerabilities is null.

The full list of flags lives in the Getting started guide.

Vulnerability data

The critical / high / total counts come from precomputed nightly Trivy data. Nothing is scanned locally at runtime — image-inspector doesn't run Trivy on your machine, pull images, or talk to a scanner. That keeps it fast and means no Docker daemon or scanner is required. A GitHub Actions workflow regenerates this data nightly and publishes it to GitHub Pages. At runtime the tool is online-first: it fetches that live report when online (short timeout, ETag-cached) and falls back to the copy bundled with the package when offline or if the fetch fails. The SECURITY panel's Source row shows which you're seeing (online (latest) vs offline (bundled copy)). Set IMAGE_INSPECTOR_OFFLINE=1 to force the bundled copy, or IMAGE_INSPECTOR_REPORT_URL to point at a different report. Because the data is precomputed, counts reflect the most recent snapshot rather than a live, on-the-spot scan.

Limitations

  • Vulnerability counts come from the precomputed nightly dataset (online from GitHub Pages, or the bundled offline fallback), not a live scan.
  • Counts are for the selected base image only, not your final application image.
  • Digest pinning improves reproducibility, but you still need a process for updating pinned images.
  • Only selected official images are supported.

Why not just use Trivy, Docker Scout, or Renovate?

image-inspector is not a replacement for full image scanning, Docker Scout, Trivy, or dependency automation tools like Renovate.

It is meant for the moment before you write a FROM line: choosing among official base images, seeing approximate vulnerability counts, and pinning the exact digest without pulling images locally or running a scanner.

You should still scan your final built image in CI.

Documentation

Community & support

🤝 Contributing

Contributions are welcome! Please read CONTRIBUTING.md for the branch/PR flow, local checks, and where to ask questions.

License

Released under the MIT License.