{"id":17967146,"url":"https://github.com/oderwat/docker-inspector","last_synced_at":"2026-01-28T13:01:03.969Z","repository":{"id":259886945,"uuid":"879727544","full_name":"oderwat/docker-inspector","owner":"oderwat","description":"A command-line tool for inspecting, comparing, and extracting files from Docker images","archived":false,"fork":false,"pushed_at":"2024-10-28T14:08:12.000Z","size":4164,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-10T13:34:26.608Z","etag":null,"topics":["analyzer","docker","docker-image","extractor"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oderwat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-28T12:53:59.000Z","updated_at":"2025-03-16T19:15:17.000Z","dependencies_parsed_at":"2024-10-28T16:40:55.064Z","dependency_job_id":"b0241dde-dd1a-42b3-a756-3ab01eea9afa","html_url":"https://github.com/oderwat/docker-inspector","commit_stats":null,"previous_names":["oderwat/docker-inspector"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/oderwat/docker-inspector","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oderwat%2Fdocker-inspector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oderwat%2Fdocker-inspector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oderwat%2Fdocker-inspector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oderwat%2Fdocker-inspector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/oderwat","download_url":"https://codeload.github.com/oderwat/docker-inspector/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oderwat%2Fdocker-inspector/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28845760,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T12:37:07.070Z","status":"ssl_error","status_checked_at":"2026-01-28T12:37:06.657Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analyzer","docker","docker-image","extractor"],"created_at":"2024-10-29T14:04:18.310Z","updated_at":"2026-01-28T13:01:03.941Z","avatar_url":"https://github.com/oderwat.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Docker Image Inspector\n\nA command-line tool for inspecting, comparing, and extracting files from Docker images without having to manually create containers. The tool creates a temporary container, inspects its filesystem, and cleans up automatically. It can list files and their attributes, compare two images to find differences, and extract files from images to the local filesystem.\n\n## Disclaimer\n\nThis is WIP and \"use it on your own risk\". There are known and unknown bugs!\n\n## Features\n\n- Cross-platform: Runs on macOS, Linux, and Windows (with Linux containers)\n- Three main modes of operation:\n  - Inspect: List files and their attributes in any Docker image\n  - Compare: Show detailed differences between two Docker images\n  - Extract: Copy files from Docker images to local filesystem\n- Recursive directory listing\n- Glob pattern support (including `**/`) for finding specific files\n- MD5 checksum calculation for files\n- JSON output option for automated processing\n- Detailed summaries of files, directories, and sizes\n- Clean handling of special filesystems (/proc, /sys, etc.)\n- Modification time handling for reliable diffs\n- Preserves file permissions and ownership during extraction\n\n## Installation (precompiled binary)\n\nDownload an executable for your architecture from [Release Page](https://github.com/oderwat/docker-inspector/releases/latest)\n\nExtract the ZIP and copy it to you path.\n\n## Installation (from source)\n\n- Clone the repository\n- Build for your platform:\n```bash\nmake\n```\n\nTo follow the examples you need to copy the binary into your path or use it with the correct name of the executable (e.g. `./docker-inspector.exe`) \n\n## Build for other platforms (cross compilation)\n\n```bash\n# For Mac\nmake darwin\n#./docker-inspector-darwin\n\n# For Linux\nmake linux\n#./docker-inspector-linux\n\n# For Windows (cross compilation)\nmake windows\n#./docker-inspector.exe\n```\n\n## Usage\n\nBasic usage:\n```bash\n# Inspect a single image\ndocker-inspector nginx:latest\n\n# Compare two images\ndocker-inspector nginx:latest nginx:1.24\n```\n\nWith options:\n```bash\n# Find specific files\ndocker-inspector nginx:latest --glob \"**/*.conf\"\n\n# Calculate MD5 checksums\ndocker-inspector nginx:latest --md5\n\n# Output as JSON\ndocker-inspector nginx:latest --json \u003e nginx-files.json\n\n# Inspect specific path\ndocker-inspector nginx:latest --path /etc/nginx\n\n# Keep container for further inspection\ndocker-inspector nginx:latest --keep\n\n# Extract files from image\ndocker-inspector nginx:latest --output-dir ./extracted --glob \"**/*.conf\"\n\n# Extract with preserved permissions and ownership\ndocker-inspector nginx:latest --output-dir ./extracted --preserve-all\n\n# Extract stripping leading path components\ndocker-inspector nginx:latest --output-dir ./extracted --glob \"/etc/nginx/**\" --strip-components 2\n```\n\n### Comparing Images\n\nThe tool can directly compare two Docker images to show their differences:\n\n```bash\n# Direct comparison of two images\ndocker-inspector nginx:latest nginx:1.24\n\n# Compare with content verification\ndocker-inspector nginx:latest nginx:1.24 --md5\n\n# Focus on specific files\ndocker-inspector nginx:latest nginx:1.24 --glob \"**/*.conf\"\n\n# Compare without modification times\ndocker-inspector nginx:latest nginx:1.24 --no-times\n\n# Get machine-readable comparison\ndocker-inspector nginx:latest nginx:1.24 --json\n```\n\nAlternatively, you can generate and compare JSON outputs manually:\n```bash\n# Generate JSONs separately and use external diff tools\ndocker-inspector nginx:latest --json --md5 \u003e image1.json\ndocker-inspector nginx:1.24 --json --md5 \u003e image2.json\ndiff image1.json image2.json\n# or use jq, etc.\n```\n\nThe comparison shows:\n- Added files (present in second image but not in first)\n- Removed files (present in first image but not in second)\n- Modified files with details about what changed:\n  - Size differences\n  - Permission changes\n  - Ownership changes\n  - Content changes (when --md5 is used)\n  - Modification time changes (unless --no-times is specified)\n\nExample output:\n```\nComparison Summary:\nTotal differences: 5\nAdded files: 2\nRemoved files: 1\nModified files: 2\n\nDetails:\n+ /etc/nginx/new-feature.conf\n  (1234 bytes, nginx:nginx, mode -rw-r--r--)\n- /etc/nginx/deprecated.conf\n  (890 bytes, root:root, mode -rw-r--r--)\nM /etc/nginx/nginx.conf\n  size changed: 1500 -\u003e 1600\n  content changed (different MD5)\nM /etc/nginx/conf.d/default.conf\n  permissions changed: -rw-r--r-- -\u003e -rw-r--r--\n```\n\nThe tool exits with:\n- Status 0 if no differences are found\n- Status 1 if differences are found or an error occurs\n\nThis is useful for:\n- Validating image updates\n- Auditing configuration changes\n- Checking for unwanted modifications\n- Automation and CI/CD pipelines\n\n### File Extraction Options\n\nThe tool can extract files from Docker images to your local filesystem:\n\n- `--output-dir \u003cpath\u003e`: Extract matching files to this directory\n- `--preserve-permissions`: Preserve file permissions when extracting\n- `--preserve-user`: Preserve user/group ownership when extracting (requires root/sudo)\n- `--preserve-all`: Preserve all file attributes (equivalent to both above)\n- `--strip-components N`: Strip N leading components from file names when extracting\n\nFor example, with `--strip-components 2`, a file path `/etc/nginx/nginx.conf` becomes `nginx.conf` in the output directory.\n\nNote: When preserving ownership on macOS:\n- Docker Desktop's implementation limits ownership preservation through bind mounts\n- The destination filesystem must support Unix ownership attributes\n- The tool will automatically use sudo to fix ownership after the copy\n- Some macOS volumes (like external drives) might not support ownership changes\n\n### Options\n\n`docker-inspector --help`\n\n```\nDocker image content inspector - examines, extracts and compares files inside container images\ndocker-inspector 1.1.0\nUsage: docker-inspector-darwin [--path PATH] [--json] [--summary] [--glob GLOB] [--md5] [--keep] [--no-times] [--output-dir OUTPUT-DIR] [--strip-components STRIP-COMPONENTS] [--preserve-owner] [--preserve-perms] [--preserve-all] IMAGE1 [IMAGE2]\n\nPositional arguments:\n  IMAGE1                 docker image to inspect (or first image when comparing)\n  IMAGE2                 second docker image (for comparison mode)\n\nOptions:\n  --path PATH            path inside the container to inspect [default: /]\n  --json                 output in JSON format\n  --summary              show summary statistics\n  --glob GLOB            glob pattern for matching files (supports **/)\n  --md5                  calculate MD5 checksums for files\n  --keep                 keep the temporary container after inspection\n  --no-times             exclude modification times from output\n  --output-dir OUTPUT-DIR\n                         extract matching files to this directory\n  --strip-components STRIP-COMPONENTS\n                         strip NUMBER leading components from file names\n  --preserve-owner       preserve user/group information when extracting\n  --preserve-perms       preserve file permissions when extracting\n  --preserve-all         preserve all file attributes\n  --help, -h             display this help and exit\n  --version              display version and exit\n```\n\n## How It Works\n\nThe tool:\n1. Creates a temporary container from the specified image\n2. Copies a specialized Linux inspector binary into the container\n3. Executes the inspector inside the container\n4. Collects and formats the results\n5. When extracting files:\n   - Mounts the output directory into the container\n   - Copies files with requested attributes preserved\n   - On macOS, uses sudo to fix ownership if requested\n6. Automatically cleans up the container (unless --keep is specified)\n\n## Known bugs\n\nDirectories are not handled well so far:\n\n- Extraction (using `--output-dir`) is not creating empty directories\n- `--preserver-owner` is not working for directories either\n\nCutting of path elements using `--strip-components` is sketchy in this implementation.\n\n## Caveats\n\n- `--glob` is applied to the full path, so you need `/etc/**` to get all files and directory from /etc and `/etc/*` to get just the files.\n- Preserving permissions on OSX needs a sketchy implementation that uses `sudo` with a temporary bash script.\n- OSX external APF drives are usually not preserving ownership (this is why you can share them between macs with different user ids)\n\n## Building from Source\n\nRequires:\n- Go 1.21 or later\n- Docker running with Linux containers\n- make\n\n```bash\n# Build for current platform\nmake\n\n# Or for specific platform\nmake darwin   # For macOS\nmake linux    # For Linux\nmake windows  # For Windows\n```\n\n## Credits\n\nMost of the implementation work was done using Claude (Anthropic) in a conversation about Docker image inspection requirements and cross-platform Go development. The original concept and requirements were provided by the repository owner.\n\n## License\n\n[MIT-License](LICENSE.txt)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foderwat%2Fdocker-inspector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foderwat%2Fdocker-inspector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foderwat%2Fdocker-inspector/lists"}