Friday 5 July 2024

How to inspect the content of the Docker image

When building a Docker image it might be a good idea to verify that no sensitive or unnecessary file or folder has leaked into it which might be the case if .dockerignore is not configured properly.




In this article I want to show how to inspect the content of the Docker image (before we create and run a container).

Let's say we have in Dockerfile:


WORKDIR /usr/src/app

COPY ./my-app/ .



We can build image but with output set to be an archive:

$ docker build -t my-app -f ./my-app/Dockerfile . --output type=tar,dest=my-app.tar

We can now extract only the content of usr/src/app directory (note there is no leading / in the path!) from the archive, into the directory named app:

$ mkdir ./app && tar -xvf my-app.tar -C ./app usr/src/app/

We can now inspect and verify the content of the ./app directory.

After inspection is done, we can delete target directory and an archive:

$ rm -rf app && rm python_demo.tar

No comments: