Package Analysis in Docker Image

Hello All,

I have pulled a few images to my base machine, and need to analyze the package versions / installed-library versions that are currently present in that image.

Is there any command/tool to do that?

Certainly. Most bash commands can be run after the run command.
Kinda depends on the image, but you can physically get on the container and look, as well.
Or docker run -it <image> apt list --installed (this is for a Linux container that has Ubuntu, which uses the apt package manager).

Hi Zach,

Thanks for your reply, however I don't want to run the container in this case. I just want to view the package info without running the container, just like Clair does. However, Clair does it in an automated way, and I want to do it in a manual way. Is there any way to do that?

The common approach is to use a tool that analyzes images from a repository… What’s wrong with using Clair? I wouldn’t be surprised if they work with fingerprints for binaries to identify versions and match those against a known vulnerability database. How do you intend to do this manually?

There is a way to find out which files are included in an image's layers, though this will not help you determine the version of a binary.

Yes, Clair does the job, but it does it in an automated fashion. I want to understand how Clair does it. I want to analyse the image layers manually in order to understand and get the package versions accordingly. Any way to achieve the same?

So you already checked out and studied the sources of Clair?

Yes, I have analysed Clair, but as I mentioned it is doing the package analysis by going layer by layer in an automated fashion. I want to do the same thing, but in an automated way. Basically, I need the list of packages installed for that particular Docker image without running the container.

docker history --no-trunc <image> is probably a good start.
Aside from the FROM image, which you will have to run this command on separately, to determine the layers that do package installs on that image.
The history of that image's Dockerfile calls is in the history, and you can then look at the packages that are added, installed, etc…
Also, in Docker Hub, if you select the Tags tab, then an image tag (latest) or digest, it will show a set of layers… When you select a layer it shows you what was installed…
For example:

node image layer 6…
See all the apt-get installs…

Hope this helps.
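What Clair is doing with the layers, as an added shell example that is not from this thread: export the pulled image with docker save, find the topmost layer that carries Debian's dpkg database, and parse that file, so the package list comes from the layer contents rather than from a running container. It assumes a Debian/Ubuntu-based image already pulled locally and the manifest.json layout that docker save produces; the script name and the image passed on the command line are placeholders.

```sh
#!/bin/sh
# Added example, not code from the thread. Lists the packages recorded in a
# Debian/Ubuntu-based image's dpkg database without starting a container:
# "docker save" exports the image as a tarball, each layer in it is itself a
# tar archive, and the last layer that contains var/lib/dpkg/status holds the
# package database a container would see (later layers override earlier ones).
set -eu

# Turn a dpkg status file (stdin) into sorted "name<TAB>version" lines,
# keeping only packages whose Status is "install ok installed".
dpkg_status_to_list() {
  awk -F': ' '
    $1 == "Package" { pkg = $2 }
    $1 == "Version" { ver = $2 }
    $1 == "Status"  { inst = ($2 ~ /install ok installed/) }
    /^$/ { if (pkg != "" && inst) print pkg "\t" ver; pkg = ""; ver = ""; inst = 0 }
    END  { if (pkg != "" && inst) print pkg "\t" ver }
  ' | sort
}

# Export an already-pulled image and print its package list. Assumes the
# manifest.json that "docker save" writes, whose "Layers" array lists the
# layer tars in order from base to top.
list_image_packages() {
  image="$1"
  work="$(mktemp -d)"
  docker save "$image" | tar -xf - -C "$work"
  layers="$(sed -n 's/.*"Layers":\[\([^]]*\)\].*/\1/p' "$work/manifest.json" | tr -d '"' | tr ',' ' ')"
  status=""
  for layer in $layers; do
    # The topmost layer carrying the status file wins, like an overlay mount.
    if tar -tf "$work/$layer" var/lib/dpkg/status >/dev/null 2>&1; then
      status="$work/$layer"
    fi
  done
  if [ -z "$status" ]; then
    echo "no dpkg status file in $image (not a Debian/Ubuntu image?)" >&2
    rm -rf "$work"
    return 1
  fi
  tar -xOf "$status" var/lib/dpkg/status | dpkg_status_to_list
  rm -rf "$work"
}

# Usage (placeholder script name and image): sh list_image_packages.sh ubuntu:22.04
if [ -n "${1:-}" ]; then
  list_image_packages "$1"
fi
```

The same idea extends to other package managers by reading their database file from the layer instead (Alpine keeps it at lib/apk/db/installed); the version list you get is what a vulnerability scanner matches against its advisory database.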