ๆƒฏๆ€ง่šๅˆ ้ซ˜ๆ•ˆ่ฟฝ่ธชๅ’Œ้˜…่ฏปไฝ ๆ„Ÿๅ…ด่ถฃ็š„ๅšๅฎขใ€ๆ–ฐ้—ปใ€็ง‘ๆŠ€่ต„่ฎฏ
้˜…่ฏปๅŽŸๆ–‡ ๅœจๆƒฏๆ€ง่šๅˆไธญๆ‰“ๅผ€

ๆŽจ่่ฎข้˜…ๆบ

T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security Affairs
N
News and Events Feed by Topic
T
Tenable Blog
P
Proofpoint News Feed
W
WeLiveSecurity
Simon Willison's Weblog
Simon Willison's Weblog
Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
Help Net Security
Help Net Security
I
Intezer
T
Threat Research - Cisco Blogs
S
Secure Thoughts
C
Cyber Attacks, Cyber Crime and Cyber Security
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
Google Online Security Blog
Google Online Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Know Your Adversary
Know Your Adversary
Project Zero
Project Zero
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Tor Project blog
N
News | PayPal Newsroom
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
Arctic Wolf
Forbes - Security
Forbes - Security
O
OpenAI News
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Latest
Security Latest
P
Palo Alto Networks Blog
S
Schneier on Security
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
H
Heimdal Security Blog
V
Vulnerabilities โ€“ Threatpost
www.infosecurity-magazine.com
www.infosecurity-magazine.com
ๅš
ๅšๅฎขๅ›ญ_้ฆ–้กต
T
Troy Hunt's Blog
Latest news
Latest news
Recent Announcements
Recent Announcements
MyScale Blog
MyScale Blog
ไบบไบบ้ƒฝๆ˜ฏไบงๅ“็ป็†
ไบบไบบ้ƒฝๆ˜ฏไบงๅ“็ป็†
L
LINUX DO - ็ƒญ้—จ่ฏ้ข˜
M
MIT News - Artificial intelligence
N
Netflix TechBlog - Medium
V
Visual Studio Blog
H
Hacker News: Front Page

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph โ€” interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent โ€” bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab โ€“ Get this Extension for ๐ŸฆŠ Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld โ€“ replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main ยท Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: ๐ŸŒธ Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP โ€“ MCP Server for On-Prem DBs Show HN: KittyHTML โ€“ Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens โ€“ Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 ยท kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth โ€“ Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools ยท CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery โ€” climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup โ€” a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: ฯ€ RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection โ€” all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis โ€” standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) โ€” an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: ๐Ÿ  Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome ๅบ”็”จๅ•†ๅบ— GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graphโ€“powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
GitHub - anmalkov/image-inspector: ๐Ÿณ Find and digest-pin official container base images in seconds - Python, .NET, Java, Go, Node.js, Rust, Ubuntu, and more.
anmalkov ยท 2026-06-26 ยท via Show HN

๐Ÿณ image-inspector โ€” select โ€ข inspect โ€ข pin

image-inspector

A CLI for finding official container base images, showing precomputed vulnerability counts, and generating digest-pinned FROM lines โ€” without pulling images, running Docker, or scanning locally.

CI status Latest release PyPI version MIT License


โšก Try it in 5 seconds

No install, no Docker daemon, no local scanner โ€” just uv:

uvx --from base-image-inspector image-inspector

Pick a base image with the arrow keys and copy the digest-pinned FROM line. That's it.

image-inspector result panel showing a digest-pinned FROM line and vulnerability counts

Why this exists

Tool Great at The gap it leaves
docker pull + trivy scan Accurate, thorough scanning Slower, and runs locally โ€” you pull the image first
Renovate Keeping base images up to date Helps after you've already chosen a base image
image-inspector Choose + inspect + pin before you write FROM Approximate counts from precomputed nightly data (fetched from GitHub Pages, bundled offline fallback), not a live scan

Who is this for?

Use image-inspector if you:

  • write Dockerfiles often
  • want reproducible base images
  • want quick vulnerability context before choosing a base image
  • don't want to pull images or run a scanner locally

What is this?

When you write a Dockerfile, you start from a base image like python:3.13 or node:22. The problem: tags like python:3.13 are moving targets โ€” the image behind that tag changes over time. So a build that works today might pull a different image tomorrow, and "it works on my machine" quietly breaks.

image-inspector fixes that. You pick a language or OS, a version, and a variant โ€” all with the arrow keys โ€” and it gives you a base image pinned to an immutable digest plus a ready-to-paste FROM line:

FROM python:3.13.14-slim@sha256:205e60d0b78f024817...

It also shows you, up front, how many known security vulnerabilities that image has, its size, and when it was built โ€” so you can choose a good base image with confidence.

What's that @sha256:... part? It's the image's digest โ€” a unique fingerprint of the exact image contents. Pinning to a digest means everyone who builds your Dockerfile gets the identical base image, every time. That's what makes a build reproducible.

Vulnerability counts come from precomputed nightly Trivy data โ€” fetched from GitHub Pages when online, with a copy bundled in the package as an offline fallback. Images are not pulled or scanned locally at runtime. No Docker daemon or local scanner is required.

image-inspector demo

Quick start

1. Already tried it with uvx? Install it permanently (pick whichever you have):

uv tool install base-image-inspector     # recommended
# or
pipx install base-image-inspector
# or
pip install base-image-inspector

Package vs. command: the PyPI package is base-image-inspector, but the installed CLI command is image-inspector.

Prefer one-shot usage? Use uv:

uvx --from base-image-inspector image-inspector

2. Run it:

3. Pick with the arrow keys โ€” language/OS โ†’ version โ†’ variant โ€” and copy the FROM line it prints. That's it. ๐ŸŽ‰

New here and want the full walkthrough? See the Getting started guide.

Features

  • ๐Ÿ“Œ Digest pinning โ€” outputs a name:tag@sha256:โ€ฆ reference for reproducible builds.
  • ๐Ÿ›ก๏ธ Security at a glance โ€” critical / high / total vulnerability counts for the chosen image, from precomputed nightly Trivy data fetched from GitHub Pages (with a bundled offline fallback).
  • ๐Ÿงฑ Many ecosystems, one interface โ€” Python, .NET, Java, Go, Node, Rust, C/C++, plus Ubuntu, Debian and Alpine base images.
  • ๐Ÿค– Automation-friendly โ€” --json for non-interactive use and --plain / NO_COLOR support.
  • ๐ŸŽจ Modern UI โ€” branded banner, themed menus, spinners, and a syntax-highlighted result panel.
  • โŒจ๏ธ Arrow-key everything โ€” language, version, and variant are all pick-from-list menus. No typing.
  • ๐Ÿ“‹ Quick actions โ€” after a result, copy the FROM line or digest to your clipboard.

Supported images

Languages & runtimes

Language Registry Repository Versioning
Python Docker Hub library/python semver (latest 5 minors)
.NET MCR mcr.microsoft.com/dotnet/sdk semver (latest 5 minors)
Java Docker Hub library/eclipse-temurin feature release (8 / 11 / 17 / 21 / 25 / 26)
Go Docker Hub library/golang semver (latest minors)
Node.js Docker Hub library/node semver (latest 5 minors)
Rust Docker Hub library/rust semver (latest 5 minors)
C / C++ Docker Hub library/gcc semver (latest 5 minors)

OS base images

Image Registry Repository Versioning
Ubuntu Docker Hub library/ubuntu calver YY.MM (latest 5 releases, LTS marked)
Debian Docker Hub library/debian major (11 / 12 / 13) + -slim variant
Alpine Docker Hub library/alpine semver (latest 5 minors)

Per-image details (Java feature releases, the gcc compiler image, Ubuntu LTS, Debian variants) are covered in the Getting started guide.

Examples

# Interactive โ€” pick everything with the arrow keys:
image-inspector

# Non-interactive, machine-readable output for scripts/CI:
image-inspector --json -l ubuntu --version 24.04

A --json run prints a single object describing the resolved image. For example:

image-inspector --json -l python --version 3.13 --variant slim
{
  "source": "Docker Hub",
  "language": "python",
  "version": "3.13",
  "variant": "slim",
  "image": "python:3.13.14-slim",
  "pinned_reference": "python:3.13.14-slim@sha256:205e60d0b78f024817...",
  "digest": "sha256:205e60d0b78f024817...",
  "size_bytes": 44912345,
  "from_line": "FROM python:3.13.14-slim@sha256:205e60d0b78f024817...",
  "vulnerabilities": {
    "critical": 0,
    "high": 1,
    "total": 23,
    "scanned_at": "2026-06-22T02:14:07+00:00"
  },
  "scanner": { "name": "trivy", "version": "0.71.1", "db_updated_at": "2026-06-22T00:00:00+00:00" }
}

(Some fields are omitted above for brevity.) When no scan data exists for the image, vulnerabilities is null.

The full list of flags lives in the Getting started guide.

Vulnerability data

The critical / high / total counts come from precomputed nightly Trivy data. Nothing is scanned locally at runtime โ€” image-inspector doesn't run Trivy on your machine, pull images, or talk to a scanner. That keeps it fast and means no Docker daemon or scanner is required. A GitHub Actions workflow regenerates this data nightly and publishes it to GitHub Pages. At runtime the tool is online-first: it fetches that live report when online (short timeout, ETag-cached) and falls back to the copy bundled with the package when offline or if the fetch fails. The SECURITY panel's Source row shows which you're seeing (online (latest) vs offline (bundled copy)). Set IMAGE_INSPECTOR_OFFLINE=1 to force the bundled copy, or IMAGE_INSPECTOR_REPORT_URL to point at a different report. Because the data is precomputed, counts reflect the most recent snapshot rather than a live, on-the-spot scan.

Limitations

  • Vulnerability counts come from the precomputed nightly dataset (online from GitHub Pages, or the bundled offline fallback), not a live scan.
  • Counts are for the selected base image only, not your final application image.
  • Digest pinning improves reproducibility, but you still need a process for updating pinned images.
  • Only selected official images are supported.

Why not just use Trivy, Docker Scout, or Renovate?

image-inspector is not a replacement for full image scanning, Docker Scout, Trivy, or dependency automation tools like Renovate.

It is meant for the moment before you write a FROM line: choosing among official base images, seeing approximate vulnerability counts, and pinning the exact digest without pulling images locally or running a scanner.

You should still scan your final built image in CI.

Documentation

  • ๐Ÿ“– Getting started guide โ€” full usage, all flags, JSON output, and vulnerability data.
  • ๐Ÿ› ๏ธ Development guide โ€” set up locally, run the tool from source, lint, type-check, and test.
  • ๐Ÿš€ Releasing guide โ€” how releases are built and published.

Community & support

๐Ÿค Contributing

Contributions are welcome! Please read CONTRIBUTING.md for the branch/PR flow, local checks, and where to ask questions.

License

Released under the MIT License.