container-diff

Analyze image size

$ container-diff analyze [image:tag]

$ container-diff diff [image1] [image2] --type=apt

$ container-diff diff [image1] [image2] --type=pip

$ container-diff diff [image1] [image2] --type=file

$ container-diff diff [image1] [image2] --type=apt --type=pip --type=node

$ container-diff diff [image1] [image2] --type=apt -j

$ container-diff diff daemon://[local:tag] remote://[repo/image:tag]

container-diff command [options] image...

container-diff is a tool for analyzing and comparing container images at a semantic level. Rather than just showing raw filesystem differences, it understands package managers and can report changes in terms of actual packages (apt, pip, npm), making it easier to understand what changed between image versions.
The tool supports multiple image sources including local Docker daemon images, remote registry images, and tarball archives. It can analyze a single image or compare two images, with output available in human-readable or JSON formats for integration with CI/CD pipelines.
Developed by Google as part of their Container Tools suite, container-diff helps with debugging image bloat, understanding layer contents, and validating that builds produce expected changes. It's particularly useful for security auditing and optimizing Docker images.

--type analyzer

Analyzer type: apt, pip, node, file, size, history

Output as JSON

Cache directory

Compare specific file

analyze

Analyze single image

Compare two images

daemon://image: Local Docker daemon
remote://image: Remote registry
path/to/image.tar: Local tarball

apt: Debian/Ubuntu packages
pip: Python packages
node: npm packages
file: Filesystem differences
size: Image size
history: Layer history

Project in maintenance mode. Does not support Docker IDs directly (tag first). Use docker-credential-helpers for registry auth.

docker(1), skopeo(1), dive(1)