container-diff
container image analysis and comparison
SYNOPSIS
container-diff command [options] image...
DESCRIPTION
container-diff is a tool for analyzing and comparing container images at a semantic level. Rather than just showing raw filesystem differences, it understands package managers and can report changes in terms of actual packages (apt, pip, npm), making it easier to understand what changed between image versions.

The tool supports multiple image sources including local Docker daemon images, remote registry images, and tarball archives. It can analyze a single image or compare two images, with output available in human-readable or JSON formats for integration with CI/CD pipelines.

Developed by Google as part of their Container Tools suite, container-diff helps with debugging image bloat, understanding layer contents, and validating that builds produce expected changes. It's particularly useful for security auditing and optimizing Docker images.
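
The JSON output can drive a CI check on what a rebuild added. The script below is an added example, not part of container-diff or its documentation: it parses a report shaped like the output of `container-diff diff daemon://app:1.0 daemon://app:1.1 --type apt --json` and lists packages that appear only in the second image and are not on a reviewed allowlist. The JSON field names, image names and package data are assumptions constructed for illustration; check them against real output before relying on them.

```python
import json

# Constructed sample shaped like `container-diff diff IMG1 IMG2 --type apt --json`.
# Field names (DiffType, Diff, Packages1, Packages2, InfoDiff, ...) are assumed;
# compare against real output from your container-diff build.
SAMPLE = """
[{"Image1": "daemon://app:1.0", "Image2": "daemon://app:1.1", "DiffType": "Apt",
  "Diff": {
    "Packages1": [{"Name": "telnet", "Version": "0.17-41", "Size": 157}],
    "Packages2": [{"Name": "netcat-openbsd", "Version": "1.195-2", "Size": 106},
                  {"Name": "ca-certificates", "Version": "20200601", "Size": 381}],
    "InfoDiff": [{"Package": "openssl",
                  "Info1": {"Version": "1.1.1d-0+deb10u3", "Size": 1495},
                  "Info2": {"Version": "1.1.1d-0+deb10u4", "Size": 1495}}]}}]
"""

def summarize(report_json):
    """Flatten every package-level result into added/removed/changed maps."""
    added, removed, changed = {}, {}, {}
    for result in json.loads(report_json):
        diff = result.get("Diff") or {}
        if not isinstance(diff, dict) or "InfoDiff" not in diff:
            continue  # not a package-level result (e.g. size or history)
        kind = result.get("DiffType", "unknown")
        for pkg in diff.get("Packages1") or []:   # only in the first image
            removed[(kind, pkg["Name"])] = pkg.get("Version")
        for pkg in diff.get("Packages2") or []:   # only in the second image
            added[(kind, pkg["Name"])] = pkg.get("Version")
        for item in diff.get("InfoDiff") or []:   # in both, version or size differs
            changed[(kind, item["Package"])] = (
                item["Info1"].get("Version"), item["Info2"].get("Version"))
    return added, removed, changed

def gate(report_json, allowed_new):
    """Return newly added packages that are not on the reviewed allowlist."""
    added, _, _ = summarize(report_json)
    return sorted(name for (_, name) in added if name not in allowed_new)

if __name__ == "__main__":
    added, removed, changed = summarize(SAMPLE)
    for (kind, name), (old, new) in sorted(changed.items()):
        print(f"[{kind}] {name}: {old} -> {new}")
    unexpected = gate(SAMPLE, allowed_new={"ca-certificates"})
    print("unexpected new packages:", unexpected)
    raise SystemExit(1 if unexpected else 0)
```

In a pipeline, replace `SAMPLE` with the captured report and fail the job on a non-zero exit status.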
PARAMETERS
--type analyzer
Analyzer type: apt, rpm, pip, node, file, size, history.
-j, --json
Output as JSON.
-o, --order
Sort results by size in descending order.
-q, --quiet
Suppress output to stderr.
-c, --cache dir
Cache directory.
--filename path
Compare specific file.
COMMANDS
analyze
Analyze single image
diff
Compare two images
IMAGE SOURCES
daemon://image: Local Docker daemon
remote://image: Remote registry
path/to/image.tar: Local tarball
ANALYZERS
apt: Debian/Ubuntu packages
rpm: Red Hat/CentOS packages
pip: Python packages
node: npm packages
file: Filesystem differences
size: Image size
history: Layer history
CAVEATS
The project was archived in March 2024 and is no longer actively maintained. Does not support Docker IDs directly (tag first). Use docker-credential-helpers for registry auth. Without --type, defaults to size analysis.
