Tag: docker

All the articles with the tag "docker".

Garden vs Tilt vs Skaffold

Garden vs Tilt vs Skaffold

Three inner-loop dev tools for Kubernetes — Garden, Tilt, and Skaffold. Which one actually makes K8s development bearable? Honest comparison, no fluff.

Lima vs Multipass

Lima vs Multipass

VM-backed Linux dev environments on macOS/Linux — Lima vs Multipass compared on speed, container support, and resource use.

Compose Watch: Faster Dev Loops

Compose Watch: Faster Dev Loops

Docker Compose Watch syncs your code into running containers without rebuilds. Here's how to set it up and why your dev loop is about to get a lot less painful.

tini vs dumb-init vs --init

tini vs dumb-init vs --init

PID 1 zombie reaping in containers — tini, dumb-init, and docker --init compared; when each one fixes your signal handling and stops your 10s shutdown tax.

Container Escape: How to Stop It

Container Escape: How to Stop It

Containers are not VMs. Here are the real escape vectors — privileged mode, mounted sockets, kernel CVEs — and the runtime hardening that actually helps.

ko vs Jib vs Buildpacks

ko vs Jib vs Buildpacks

Build container images without writing a single Dockerfile — ko for Go, Jib for Java, Paketo Buildpacks for everything else. Real benchmarks, real tradeoffs.

Cosign Keyless: Sign Without Keys

Cosign Keyless: Sign Without Keys

Cosign keyless signing uses GitHub OIDC + Fulcio + Rekor to sign container images without managing private keys. Here's how it actually works and why you want it.

Docker Bake vs Compose Build

Docker Bake vs Compose Build

Orchestrating multi-image Docker builds: docker buildx bake vs compose build, matrix targets, multi-arch, caching, and when each one actually wins.

WASM Containers in 2026

WASM Containers in 2026

Spin, WasmEdge, and wasmCloud are dragging WebAssembly into the container world. Here's what actually works, and what's still half-baked in 2026.

Nerdctl vs Docker CLI

Nerdctl vs Docker CLI

nerdctl is the containerd-native docker CLI replacement — when it's a drop-in, when it's not, and why you'd bother switching at all.

Sysbox vs gVisor vs Kata

Sysbox vs gVisor vs Kata

Containers aren't security boundaries — Sysbox, gVisor, and Kata fix that. Here's which isolation runtime fits your actual threat model.

Trivy vs Grype vs Docker Scout

Trivy vs Grype vs Docker Scout

Trivy, Grype, and Docker Scout go head-to-head on speed, CVE coverage, CI integration, and cost. Pick the right scanner for your home lab or pipeline.