Do you know how to peak under the hood at Docker images to ensure no malicious shenanigans are taking place?

Allow me to introduce you to another cool tool introduced to me by Tim L during our last Cloud War Games Live Event just called dive which lets you explore a Docker image and its layer contents.

Just run the following command and it pops up a nice little DOS-like UI that gives you information about the contents of the Docker image.

dive <your-image-tag>

Uses in CI/CD:

They also recommend running it in your CI/CD stack to analyze each image as it's built. This will help keep your dev team aware of any image bloat that might be getting packaged in. Being mindful of that will definitely help keep storage costs down as well as code boot times.

Questions For You:

How are you monitoring what goes into your production Docker images?