Convert Figma logo to code with AI

wagoodman logodive

A tool for exploring each layer in a docker image

45,415
1,725
45,415
201
View on GitHub

Top Related Projects

GoogleContainerTools's avatar

container-diff

3,761

container-diff: Diff your Docker containers

anchore's avatar

grype

8,441

A vulnerability scanner for container images and filesystems

aquasecurity's avatar

trivy

22,801

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

goodwithtech's avatar

dockle

2,746

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

hadolint's avatar

hadolint

10,221

Dockerfile linter, validate inline bash, written in Haskell

Quick Overview

Dive is a tool for exploring a Docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image. It provides a detailed breakdown of image layers, allowing users to analyze the content and efficiency of their Docker images.

Pros

  • Offers an interactive CLI interface for easy exploration of Docker images
  • Provides detailed layer-by-layer analysis, helping identify redundant or unnecessary files
  • Supports CI integration for automated image efficiency checks
  • Helps reduce image sizes, leading to faster deployments and reduced storage costs

Cons

  • Limited to analyzing Docker/OCI images only
  • May require some familiarity with Docker concepts for optimal use
  • Can be resource-intensive when analyzing large images
  • Does not provide automatic optimization suggestions

Getting Started

To install and use Dive, follow these steps:

# Install Dive (for macOS using Homebrew)
brew install dive

# Analyze a Docker image
dive <image-name>

# Analyze a Docker image from a tar archive
dive <path-to-image.tar>

# Run Dive in CI mode
CI=true dive <image-name>

Once launched, use the arrow keys to navigate through layers and files. Press Ctrl+C to exit the tool.

Competitor Comparisons

GoogleContainerTools logo

container-diff

3,761

container-diff: Diff your Docker containers

Pros of container-diff

  • Supports multiple image formats (Docker, OCI, ACI)
  • Provides detailed file system and package differences
  • Offers various analysis types (pip, apt, rpm, etc.)

Cons of container-diff

  • Less intuitive visualization of layer structure
  • Doesn't provide real-time analysis of image efficiency
  • Limited interactivity compared to dive

Code Comparison

container-diff:

container-diff analyze daemon://image1 daemon://image2 --type=file --type=pip

dive:

dive <image>

Summary

container-diff excels in comparing multiple images and analyzing specific aspects like package differences. It supports various image formats and provides detailed reports. However, it lacks the interactive exploration and layer-by-layer analysis that dive offers.

dive focuses on a single image at a time, providing an interactive interface for exploring layer contents and identifying optimization opportunities. It offers real-time efficiency analysis but doesn't support comparing multiple images or analyzing specific package managers.

Both tools serve different purposes: container-diff for comprehensive image comparison and analysis, and dive for in-depth exploration and optimization of individual images.

anchore logo

grype

8,441

A vulnerability scanner for container images and filesystems

Pros of Grype

  • Focuses on vulnerability scanning, providing comprehensive security analysis
  • Supports scanning various artifact types beyond just Docker images
  • Regularly updated vulnerability database for up-to-date security information

Cons of Grype

  • Lacks the ability to explore and analyze image layers interactively
  • May have a steeper learning curve for users primarily interested in image structure

Code Comparison

Grype (vulnerability scanning):

grype alpine:latest

Dive (image layer analysis):

dive alpine:latest

Summary

Grype and Dive serve different primary purposes. Grype excels in vulnerability scanning across various artifacts, offering a comprehensive security analysis with an up-to-date vulnerability database. It's particularly useful for teams focused on security audits and compliance.

Dive, on the other hand, specializes in Docker image analysis, providing an interactive interface to explore image layers and optimize image size. It's more suited for developers and DevOps engineers working on image optimization and understanding image composition.

While both tools work with Docker images, they complement each other rather than compete directly. Grype enhances security practices, while Dive improves image management and optimization workflows.

aquasecurity logo

trivy

22,801

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Pros of Trivy

  • Comprehensive vulnerability scanning for containers, filesystems, and Git repositories
  • Supports multiple operating systems and package managers
  • Integrates with CI/CD pipelines and provides machine-readable output

Cons of Trivy

  • Focuses primarily on security vulnerabilities, not image layer analysis
  • May require more setup and configuration for advanced use cases
  • Can be slower for large images due to extensive vulnerability database

Code Comparison

Trivy:

trivy image python:3.4-alpine

Dive:

dive <your-image-tag>

Key Differences

Trivy is a comprehensive security scanner for containers and filesystems, while Dive is focused on analyzing and exploring Docker image layers. Trivy excels in identifying vulnerabilities across various components, whereas Dive provides detailed insights into image composition and efficiency.

Trivy is better suited for security-focused workflows and CI/CD integration, while Dive is ideal for developers and DevOps engineers looking to optimize Docker images and understand their structure.

Both tools serve different primary purposes but can be complementary in a Docker development and security workflow.

goodwithtech logo

dockle

2,746

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Pros of Dockle

  • Focuses on security and best practices for Docker images
  • Provides CIS benchmarks and security checks
  • Offers a comprehensive set of rules for image analysis

Cons of Dockle

  • Less detailed layer-by-layer analysis compared to Dive
  • May not provide as in-depth size optimization suggestions
  • Primarily focused on security rather than image structure

Code Comparison

Dive usage:

dive <your-image-tag>

Dockle usage:

dockle <your-image-tag>

Key Differences

  • Dive excels at analyzing image layers and size optimization
  • Dockle specializes in security checks and best practices
  • Dive provides an interactive TUI for exploration
  • Dockle generates reports with security recommendations

Use Cases

  • Use Dive for:

    • Detailed layer analysis
    • Finding ways to reduce image size
    • Understanding image structure

  • Use Dockle for:

    • Security audits of Docker images
    • Ensuring compliance with best practices
    • Identifying potential vulnerabilities

Both tools complement each other, with Dive focusing on image structure and size optimization, while Dockle emphasizes security and best practices for Docker images.

hadolint logo

hadolint

10,221

Dockerfile linter, validate inline bash, written in Haskell

Pros of Hadolint

  • Focuses on Dockerfile linting and best practices
  • Integrates with CI/CD pipelines for automated checks
  • Provides detailed explanations for each rule violation

Cons of Hadolint

  • Limited to static analysis of Dockerfiles
  • Doesn't provide insights into image layers or size optimization
  • May produce false positives in some cases

Code Comparison

Hadolint example:

hadolint Dockerfile

Dive example:

dive <image-name>

Key Differences

Hadolint is a specialized tool for linting Dockerfiles, focusing on best practices and potential issues in the build instructions. It excels at identifying common mistakes and suggesting improvements before the image is built.

Dive, on the other hand, is designed for analyzing already-built Docker images. It provides a detailed view of the image layers, allowing users to explore the contents of each layer and identify opportunities for size optimization.

While Hadolint helps prevent issues during the Dockerfile creation process, Dive assists in understanding and optimizing the resulting image structure. Both tools serve different purposes in the Docker development workflow, with Hadolint being more preventive and Dive more analytical.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

dive

GitHub release Validations Go Report Card License: MIT Donate

A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.

Image

To analyze a Docker image simply run dive with an image tag/id/digest:

dive <your-image-tag>

or you can dive with docker command directly

alias dive="docker run -ti --rm  -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive"
dive <your-image-tag>

# for example
dive nginx:latest

or if you want to build your image then jump straight into analyzing it:

dive build -t <some-tag> .

Building on Macbook (supporting only the Docker container engine)

docker run --rm -it \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v  "$(pwd)":"$(pwd)" \
      -w "$(pwd)" \
      -v "$HOME/.dive.yaml":"$HOME/.dive.yaml" \
      wagoodman/dive:latest build -t <some-tag> .

Additionally you can run this in your CI pipeline to ensure you're keeping wasted space to a minimum (this skips the UI):

CI=true dive <your-image>

Image

This is beta quality! Feel free to submit an issue if you want a new feature or find a bug :)

Basic Features

Show Docker image contents broken down by layer

As you select a layer on the left, you are shown the contents of that layer combined with all previous layers on the right. Also, you can fully explore the file tree with the arrow keys.

Indicate what's changed in each layer

Files that have changed, been modified, added, or removed are indicated in the file tree. This can be adjusted to show changes for a specific layer, or aggregated changes up to this layer.

Estimate "image efficiency"

The lower left pane shows basic layer info and an experimental metric that will guess how much wasted space your image contains. This might be from duplicating files across layers, moving files across layers, or not fully removing files. Both a percentage "score" and total wasted file space is provided.

Quick build/analysis cycles

You can build a Docker image and do an immediate analysis with one command: dive build -t some-tag .

You only need to replace your docker build command with the same dive build command.

CI Integration

Analyze an image and get a pass/fail result based on the image efficiency and wasted space. Simply set CI=true in the environment when invoking any valid dive command.

Multiple Image Sources and Container Engines Supported

With the --source option, you can select where to fetch the container image from:

dive <your-image> --source <source>

or

dive <source>://<your-image>

With valid source options as such:

  • docker: Docker engine (the default option)
  • docker-archive: A Docker Tar Archive from disk
  • podman: Podman engine (linux only)

Installation

Ubuntu/Debian

Using debs:

DIVE_VERSION=$(curl -sL "https://api.github.com/repos/wagoodman/dive/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
curl -OL https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.deb
sudo apt install ./dive_${DIVE_VERSION}_linux_amd64.deb

Using snap:

sudo snap install docker
sudo snap install dive
sudo snap connect dive:docker-executables docker:docker-executables
sudo snap connect dive:docker-daemon docker:docker-daemon

RHEL/Centos

DIVE_VERSION=$(curl -sL "https://api.github.com/repos/wagoodman/dive/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
curl -OL https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.rpm
rpm -i dive_${DIVE_VERSION}_linux_amd64.rpm

Arch Linux

Available in the extra repository and can be installed via pacman:

pacman -S dive

Mac

If you use Homebrew:

brew install dive

If you use MacPorts:

sudo port install dive

Or download the latest Darwin build from the releases page.

Windows

Download the latest release.

Go tools Requires Go version 1.10 or higher.

go get github.com/wagoodman/dive

Note: installing in this way you will not see a proper version when running dive -v.

Nix/NixOS

On NixOS:

nix-env -iA nixos.dive

On non-NixOS (Linux, Mac)

nix-env -iA nixpkgs.dive

Docker

docker pull wagoodman/dive

or

docker pull quay.io/wagoodman/dive

When running you'll need to include the docker socket file:

docker run --rm -it \
    -v /var/run/docker.sock:/var/run/docker.sock \
    wagoodman/dive:latest <dive arguments...>

Docker for Windows (showing PowerShell compatible line breaks; collapse to a single line for Command Prompt compatibility)

docker run --rm -it `
    -v /var/run/docker.sock:/var/run/docker.sock `
    wagoodman/dive:latest <dive arguments...>

Note: depending on the version of docker you are running locally you may need to specify the docker API version as an environment variable:

   DOCKER_API_VERSION=1.37 dive ...

or if you are running with a docker image:

docker run --rm -it \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -e DOCKER_API_VERSION=1.37 \
    wagoodman/dive:latest <dive arguments...>

CI Integration

When running dive with the environment variable CI=true then the dive UI will be bypassed and will instead analyze your docker image, giving it a pass/fail indication via return code. Currently there are three metrics supported via a .dive-ci file that you can put at the root of your repo:

rules:
  # If the efficiency is measured below X%, mark as failed.
  # Expressed as a ratio between 0-1.
  lowestEfficiency: 0.95

  # If the amount of wasted space is at least X or larger than X, mark as failed.
  # Expressed in B, KB, MB, and GB.
  highestWastedBytes: 20MB

  # If the amount of wasted space makes up for X% or more of the image, mark as failed.
  # Note: the base image layer is NOT included in the total image size.
  # Expressed as a ratio between 0-1; fails if the threshold is met or crossed.
  highestUserWastedPercent: 0.20

You can override the CI config path with the --ci-config option.

KeyBindings

Key BindingDescription
Ctrl + C or QExit
TabSwitch between the layer and filetree views
Ctrl + FFilter files
PageUpScroll up a page
PageDownScroll down a page
Ctrl + ALayer view: see aggregated image modifications
Ctrl + LLayer view: see current layer modifications
SpaceFiletree view: collapse/uncollapse a directory
Ctrl + SpaceFiletree view: collapse/uncollapse all directories
Ctrl + AFiletree view: show/hide added files
Ctrl + RFiletree view: show/hide removed files
Ctrl + MFiletree view: show/hide modified files
Ctrl + UFiletree view: show/hide unmodified files
Ctrl + BFiletree view: show/hide file attributes
PageUpFiletree view: scroll up a page
PageDownFiletree view: scroll down a page

UI Configuration

No configuration is necessary, however, you can create a config file and override values:

# supported options are "docker" and "podman"
container-engine: docker
# continue with analysis even if there are errors parsing the image archive
ignore-errors: false
log:
  enabled: true
  path: ./dive.log
  level: info

# Note: you can specify multiple bindings by separating values with a comma.
# Note: UI hinting is derived from the first binding
keybinding:
  # Global bindings
  quit: ctrl+c
  toggle-view: tab
  filter-files: ctrl+f, ctrl+slash

  # Layer view specific bindings
  compare-all: ctrl+a
  compare-layer: ctrl+l

  # File view specific bindings
  toggle-collapse-dir: space
  toggle-collapse-all-dir: ctrl+space
  toggle-added-files: ctrl+a
  toggle-removed-files: ctrl+r
  toggle-modified-files: ctrl+m
  toggle-unmodified-files: ctrl+u
  toggle-filetree-attributes: ctrl+b
  page-up: pgup
  page-down: pgdn

diff:
  # You can change the default files shown in the filetree (right pane). All diff types are shown by default.
  hide:
    - added
    - removed
    - modified
    - unmodified

filetree:
  # The default directory-collapse state
  collapse-dir: false

  # The percentage of screen width the filetree should take on the screen (must be >0 and <1)
  pane-width: 0.5

  # Show the file attributes next to the filetree
  show-attributes: true

layer:
  # Enable showing all changes from this layer and every previous layer
  show-aggregated-changes: false

dive will search for configs in the following locations:

  • $XDG_CONFIG_HOME/dive/*.yaml
  • $XDG_CONFIG_DIRS/dive/*.yaml
  • ~/.config/dive/*.yaml
  • ~/.dive.yaml

.yml can be used instead of .yaml if desired.