In an earlier post on this blog I was curious about comparing Docker images to try to track down the differences that might be causing performance problems. Since then I have had a play with the sbom Docker command for listing out what is included in the image.
Following the documentation at: https://docs.docker.com/engine/sbom/
Below is an example of the output of a run of a locally built app:
> docker sbom hello-world-alpine-jlink:latest
Syft v0.43.0
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [16 packages]

NAME                    VERSION       TYPE
alpine-baselayout       3.2.0-r20     apk
alpine-baselayout-data  3.2.0-r20     apk
alpine-keys             2.4-r1        apk
apk-tools               2.12.9-r3     apk
busybox                 1.35.0-r13    apk
ca-certificates-bundle  20211220-r0   apk
docker-comparison       1.0-SNAPSHOT  java-archive
jrt-fs                  11.0.15       java-archive
libc-utils              0.7.2-r3      apk
libcrypto1.1            1.1.1o-r0     apk
libssl1.1               1.1.1o-r0     apk
musl                    1.2.3-r0      apk
musl-utils              1.2.3-r0      apk
scanelf                 1.3.4-r0      apk
ssl_client              1.35.0-r13    apk
zlib                    1.2.12-r1     apk
This is a much more detailed listing of the components that are included in the Docker image than we would get from looking at the Dockerfile or image history, so I would recommend it as a way of checking what you are including in an image. The main feature request that I have is to separate the artifacts by type, though in this trivial example that is simple enough to do by just looking at the listing.
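Until the tool offers that grouping itself, the table can be regrouped after the fact. The following is an added example, not part of the original post or of Docker's tooling: the function names `sbom_by_type`, `sbom_type_counts` and `sample_sbom` are hypothetical, and it assumes the three-column table shown above with no spaces inside a name or version.

```shell
#!/bin/sh
# Added example: regroup the `docker sbom` table by its TYPE column, so OS
# packages and application archives can be reviewed separately.

# Reads the table on stdin and prints one section per package type.
# Assumption: columns are NAME VERSION TYPE, separated by whitespace.
sbom_by_type() {
    tab=$(printf '\t')
    awk '
        # Skip the Syft banner and progress lines: rows start after the header.
        $1 == "NAME" && $NF == "TYPE" { in_table = 1; next }
        in_table && NF == 3           { print $3 "\t" $1 "\t" $2 }
    ' | LC_ALL=C sort -t "$tab" -k1,1 -k2,2 | awk -F '\t' '
        $1 != cur { if (NR > 1) print ""; cur = $1; print "[" cur "]" }
                  { printf "  %-24s %s\n", $2, $3 }
    '
}

# Prints "<type> <count>" per package type, sorted by type name.
sbom_type_counts() {
    awk '
        $1 == "NAME" && $NF == "TYPE" { in_table = 1; next }
        in_table && NF == 3           { n[$3]++ }
        END { for (t in n) print t, n[t] }
    ' | LC_ALL=C sort
}

# Constructed sample: a few rows copied from the listing above.
sample_sbom() {
    cat <<'EOF'
Syft v0.43.0
 ✔ Loaded image
NAME                    VERSION       TYPE
busybox                 1.35.0-r13    apk
docker-comparison       1.0-SNAPSHOT  java-archive
jrt-fs                  11.0.15       java-archive
zlib                    1.2.12-r1     apk
EOF
}

# Against a real image:
#   docker sbom hello-world-alpine-jlink:latest | sbom_by_type
sample_sbom | sbom_by_type
```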