Improve Dockerfile efficiency and add Docker build instructions for contributors

.dockerignore

@@ -1,6 +1,44 @@
-**
-!dist_linux/**
-!dist_linux_arm64/**
-!build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381
+# Ignore Git files
+.git
+.gitignore
+
+# Mac system files
+.DS_Store
 **/.DS_Store
+
+# Editor directories
+.vscode/
+.idea/
+
+# Build outputs
+dist/
+dist_linux/
+dist_linux_arm64/
+build/
+coverage/
+
+# Binary artifacts
+*.exe
+*.dll
+*.so
+*.dylib
+*.out
+*.test
+
+# Logs
+*.log
+
+# Ignore vendor folder (unless needed)
+vendor/
+
+# Temporary files
+*.tmp
+*.swp
+
+# Scripts and command outputs
 **/*.command
+
+# Cache
+.cache/
+npm-debug.log
+yarn-error.log

README.md

@@ -741,6 +741,38 @@ Examples:
 * `slim --quiet vulnerability epss --op list --date 2024-01-05`
 * `slim --quiet vulnerability epss --op list --filter-cve-id-pattern 2023 --filter-score-gt 0.92 --limit 2 --offset 3`
 
+## Building Slim from the Provided Dockerfiles (Contributor Guide)
+
+SlimToolkit includes Dockerfiles used to package the runtime CLI into minimal container images.  
+These images are useful for development, debugging, and testing container-based execution of Slim.
+
+### Build the main Slim runtime image
+
+```bash
+docker build \
+  -f build/package/docker/Dockerfile \
+  -t slim-dev:latest .
+
+Run Slim inside the container
+docker run --rm -it slim-dev:latest --help
+
+Build the ARM64 runtime image (Apple Silicon / ARM servers)
+docker build \
+  -f build/package/docker/Dockerfile.arm \
+  -t slim-dev-arm64:latest .
+
+Analyze a local Docker image using Slim inside a container
+docker run --rm -it \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  slim-dev:latest \
+  build your-image:tag
+
+Rebuild without cache
+docker build --no-cache \
+ -f build/package/docker/Dockerfile \
+  -t slim-dev:latest .
+
+
 
 ## RUNNING CONTAINERIZED
 

build/package/docker/Dockerfile

@@ -1,13 +1,32 @@
-FROM alpine:latest as ca-certs
-LABEL build-role=ca-certs
-RUN apk update && apk upgrade && apk add --no-cache ca-certificates && update-ca-certificates 2>/dev/null || true
+# Stage 1: Build CA certificates
+FROM alpine:latest AS ca-certs
+LABEL build-role="ca-certs"
 
+# Use modern best practice: avoid apk update/upgrade
+RUN apk add --no-cache ca-certificates && update-ca-certificates
+
+# Final minimal image
 FROM scratch
-LABEL app=slim
+
+# OCI recommended metadata
+LABEL app="slim"
+LABEL org.opencontainers.image.title="docker-slim"
+LABEL org.opencontainers.image.description="DockerSlim runtime image containing the slim binary and required certificates"
+LABEL org.opencontainers.image.source="https://github.com/docker-slim/docker-slim"
+
+# Workdir for clarity (optional but cleaner)
+WORKDIR /bin
+
+# Copy CA certificates
 COPY --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Copy the slim binary package
 COPY dist_linux /bin
+
+# Copy DockerSlim container metadata file
 COPY build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381 /.ds.container.d3e2c84f976743bdb92a7044ef12e381
-VOLUME /bin/.slim-state
-ENTRYPOINT ["/bin/slim"]
 
+# Slim keeps state here
+VOLUME /bin/.slim-state
 
+ENTRYPOINT ["/bin/slim"]

build/package/docker/Dockerfile.arm

@@ -1,13 +1,32 @@
-FROM alpine:latest as ca-certs
-LABEL build-role=ca-certs
-RUN apk update && apk upgrade && apk add --no-cache ca-certificates && update-ca-certificates 2>/dev/null || true
+# Stage 1: Build CA certificates
+FROM alpine:latest AS ca-certs
+LABEL build-role="ca-certs"
 
+# Modern best practice: no apk update/upgrade
+RUN apk add --no-cache ca-certificates && update-ca-certificates
+
+# Final minimal image for ARM builds
 FROM scratch
-LABEL app=slim
+
+# OCI recommended metadata
+LABEL app="slim"
+LABEL org.opencontainers.image.title="docker-slim (ARM64)"
+LABEL org.opencontainers.image.description="DockerSlim ARM64 runtime image containing the slim binary and required certificates"
+LABEL org.opencontainers.image.source="https://github.com/docker-slim/docker-slim"
+
+# Workdir for consistency
+WORKDIR /bin
+
+# Copy CA certificates
 COPY --from=ca-certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Copy the slim ARM64 binary package
 COPY dist_linux_arm64 /bin
+
+# Copy DockerSlim metadata file
 COPY build/package/docker/.ds.container.d3e2c84f976743bdb92a7044ef12e381 /.ds.container.d3e2c84f976743bdb92a7044ef12e381
-VOLUME /bin/.slim-state
-ENTRYPOINT ["/bin/slim"]
 
+# Slim keeps state here
+VOLUME /bin/.slim-state
 
+ENTRYPOINT ["/bin/slim"]