Docker images analysis

Analyzing container image tools is essential for automating the inspection process, saving time and ensuring consistency across development environments. They assist in optimizing images for better performance and resource utilization, aligning with best practices in containerization.
By integrating such tools into CI/CD pipelines, teams can ensure that image layer analysis becomes an integral part of the software development lifecycle.

Skipped all instruments that need Docker Desktop

DIVE

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.

Two ways how to analyse nginx images

• Run from docker

  1	docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive nginx

• Install dive locally. See https://github.com/wagoodman/dive/blob/main/README.md#installation

  1	dive nginx

Slim from Slim Toolkit

Slim allows developers to inspect, optimize and debug their containers using its xray, lint, build, debug, run, images, merge, registry, vulnerability (and other) commands.

slim build to optimize vanilla nginx image

Download nginx

1
2
3

docker pull nginx
docker images | grep -i nginx
#nginx       latest    a8758716bb6a    2 months ago    187MB

Run slim from docker. Use additional flags (like --http-probe=false)

1
2
3
4

docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/slim build nginx
docker images | grep -i nginx
#nginx       latest    a8758716bb6a    2 months ago    187MB
#nginx.slim  latest    05808df89e1c    59 seconds ago  13.3MB

slim xray containers’ underhood

xray - performs static analysis for the target container image (including ‘reverse engineering’ the Dockerfile for the image). Use this command if you want to know what’s inside your container image and what makes it fat.

1

docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock dslim/slim xray --target nginx