Skip to main content

Docker, containers, rootfs and virtual machine related software composition analysis (SCA) utilities.

Project description

container-inspector is a suite of analysis utilities and command line tools for Docker images, containers, root filesystems and virtual machine images.

For Docker images, it can process layers and how these relate to each other as well as Dockerfiles.

container-inspector provides utilities to:

  • identify Docker images in a file system, its layers and the related metadata.

  • given a Docker image, collect and report its metadata.

  • given a Docker image, extract the layers used to rebuild what how a runtime rootfs would look.

  • find and parse Dockerfiles.

  • find how Dockerfiles relate to actual images and their layers.

  • given a Docker image, rootfs or Virtual Machime image collect inventories of packages and files installed in an image or layer or rootfs (implemented using a provided callable)

  • detect the “distro” of a rootfs of image using os-release files (and an extensive test suite for these)

  • detect the operating system, architecture and

Quick start

  • Only runs on POSIX OSes

  • Get Python 3.6+

  • Check out a clone or download of container-inspector, then run: ./configure.

  • Then run tmp/bin/container-inspector -h for help.

Container image formats

container-inspector handles the formats of Docker images as created by the docker save command. There are three versions for this Docker image format. The latest v1.2 is a minor update to v1.1.

  • v1.1 provides improved and richer metadata over v1.0 with a top level manifest.json file and a Config file for each image with full layer history and ordeing. It also use checksum for enhanced security and traceability of images and layers.

  • v1.0 uses a simple repositories meta file and requires infering the ordering of the layers in an image based on each individual layer json meta file. This format is no longer support in the latest version of container-inspector.

  • All V1.x formats use the same storage format for layers e.g the layer format V1.0 where each layer is stored in a sub-directories named after the layer id. Each of this directories contains a “layer.tar” tarball with the layer payload, a “json” JSON metadata file describing the layer and a “VERSION” file describing the layer format version. Each tarball represents a slice or diff of the image root file system using the AUFS conventions.

At runtime, in a sequence of layers of an image, each root filesystem slice of a layer is “layered” on top of each other from the root bottom layer to the latest layer (or selected tagged layer) using a union file system (e.g. AUFS). In AUFS, any file or directory prefixed with .wh. are “white outs” files deleting files in the underlying layers.

See the image specifications saved in docs/references/

Internal data model

  • Image: this is a runnable image composed of metadata and a sequence of layers.

  • Layer: this is a slice of an image root filesystem with a payload and metadata

  • Resource: this a file or directory

Plans

  • in progress: support OCI image layout

  • improved suport for Windows containers

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

container-inspector-21.6.10.tar.gz (147.5 kB view details)

Uploaded Source

Built Distribution

container_inspector-21.6.10-py3-none-any.whl (37.6 kB view details)

Uploaded Python 3

File details

Details for the file container-inspector-21.6.10.tar.gz.

File metadata

  • Download URL: container-inspector-21.6.10.tar.gz
  • Upload date:
  • Size: 147.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.6.10

File hashes

Hashes for container-inspector-21.6.10.tar.gz
Algorithm Hash digest
SHA256 b36e3c7cd3095c60bb1eacb4f9af7b533e8988b4f8dcc20bbd522e995ff21c9e
MD5 0c7f06a16841b45f0774e30df583c548
BLAKE2b-256 60c8fb9556cae8433ab39247cd99eb26e334c9e66a288ad4f6a7bf8a0bd18845

See more details on using hashes here.

File details

Details for the file container_inspector-21.6.10-py3-none-any.whl.

File metadata

  • Download URL: container_inspector-21.6.10-py3-none-any.whl
  • Upload date:
  • Size: 37.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.4.1 importlib_metadata/4.5.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.6.10

File hashes

Hashes for container_inspector-21.6.10-py3-none-any.whl
Algorithm Hash digest
SHA256 e09d9ce5fd81c83fa9b0cf062cef452c4426db58d208e687185c0e9b34563edc
MD5 dbca634d778d616d27580bb9edc2c0ee
BLAKE2b-256 54f286fae0ebadf91e5b07ca1a3a8c73618494c12c2310c18e7ad2062e38f3ea

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page