Dive: A tool to Analyze Docker Image and Layer Contents


In this article, we will look into an open source tool called Dive which is used for analyzing docker image and layering its contents. This tool has the capability to show docker image contents broken down into layers. Dive with another tool called Jib is ideal for a situation where you have bunch of applications running on microservices environment. If your application image size is quite big then restarting the container or pods takes huge toll on your network bandwidth as it has to download the entire image from repository every time you restart your container or deployment or pods.

Using dive with Jib tool gives you the capability to deal with this situation as Jib has the ability to break down the application components and cache all those dependencies which does not often change. This saves a lot of application bandwidth and hence improves app recycling time which in turn reduces the impact. We will see more about its usage in upcoming articles. Here we will go through the installation and capabilities dive provides in analyzing the docker images.


Some Basic Features

To summarize, some of its basic feature includes:-

  • Breaking down of docker image to multiple layers
  • Indicating the modified files in File Tree
  • Building and analyzing docker images using a simple command
  • Estimating and analyzing Image efficiency
  • Support of Multiple Image Sources and Container Engines

Dive: A tool to Analyze Docker Image and Layer Contents

Dive: A tool to Analyze Docker Image and Layer Contents

Also Read: Why Harbor Auth Mode showing Disabled ?


As a prerequisite, you need to have wget or curl utility available in your system. To install this tool on Ubuntu/Debian based systems, you can just download it from GitHub using wget or curl utility as shown below.

cyberithub@ubuntu:~$ wget
--2022-09-14 20:29:32--
Resolving (
Connecting to (||:443... connected.
Location: [following]
--2022-09-14 20:29:32--
Resolving (,,, ...
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4765140 (4.5M) [application/octet-stream]
Saving to: ‘dive_0.9.2_linux_amd64.deb’

dive_0.9.2_linux_amd64.deb 100%[============================================================================>] 4.54M 1.77MB/s in 2.6s

2022-09-14 20:29:35 (1.77 MB/s) - ‘dive_0.9.2_linux_amd64.deb’ saved [4765140/4765140]

Once downloaded, you can install it by using sudo apt install ./dive_0.9.2_linux_amd64.deb command as shown below.

cyberithub@ubuntu:~$ sudo apt install ./dive_0.9.2_linux_amd64.deb
[sudo] password for cyberithub:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'dive' instead of './dive_0.9.2_linux_amd64.deb'
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/4,765 kB of archives.
After this operation, 12.4 MB of additional disk space will be used.
Get:1 /home/cyberithub/dive_0.9.2_linux_amd64.deb dive amd64 0.9.2 [4,765 kB]
Selecting previously unselected package dive.
(Reading database ... 230525 files and directories currently installed.)
Preparing to unpack .../dive_0.9.2_linux_amd64.deb ...
Unpacking dive (0.9.2) ...
Setting up dive (0.9.2) ...

In the similar way, you can install this tool on other Linux based systems as well. To verify the current installed version, you can use dive --version command as shown below.

cyberithub@ubuntu:~$ dive --version
dive 0.9.2

After successful installation, you can use the tool to analyze the image using dive <tag/id/digest> command. Here we are analyzing python docker image by using dive python command as shown below.

cyberithub@ubuntu:~$ dive python
Image Source: docker://python
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull 'python'...
Using default tag: latest
latest: Pulling from library/python
23858da423a6: Pull complete
326f452ade5c: Pull complete
a42821cd14fb: Pull complete
8471b75885ef: Pull complete
8ffa7aaef404: Pull complete
15132af73342: Pull complete
aaf3b07565c2: Pull complete
736f7bc16867: Pull complete
94da21e53a5b: Pull complete
Digest: sha256:fc1317aa13ce8f97e513dc55dff468ab98a806e8b21d61d1e1e3460ebb334278
Status: Downloaded newer image for python:latest
Analyzing image...
Building cache...
┃ ● Layers ┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ │ Current Layer Contents ├────────────────────────────────────────────────────
Cmp Size   Command                                                             Permission UID:GID Size   Filetree
    69 MB  FROM c58e66ca80f6e13                                                drwxr-xr-x   0:0   4.9 MB ├── bin
    7.1 MB set -eux; apt-get update; apt-get install -y --no-install-recomm    -rwxr-xr-x   0:0   1.2 MB │   ├── bash
    29 MB  set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update     -rwxr-xr-x   0:0   44 kB  │   ├── cat
     0 B   set -eux; for src in idle3 pydoc3 python3 python3-config; do ds     -rwxr-xr-x   0:0   64 kB  │   ├── chgrp
     11 MB set -eux; savedAptMark="$(apt-mark showmanual)"; apt-get update     -rwxr-xr-x   0:0   64 kB  │   ├── chmod
                                                                               -rwxr-xr-x   0:0   72 kB  │   ├── chown
│ Layer Details ├───────────────────────────────────────────────────────────── -rwxr-xr-x   0:0   147 kB │   ├── cp
                                                                               -rwxr-xr-x   0:0   122 kB │   ├── dash
Tags:   (unavailable)                                                          -rwxr-xr-x   0:0   109 kB │   ├── date
Id:     c58e66ca80f6e13925db367086a54827f262fe7c22d1fd4e6585844d5dc629df       -rwxr-xr-x   0:0   77 kB  │   ├── dd
Digest: sha256:e06e631d87d6fc3c91d07f74daac9737a5a1ea33497c41efd61cb6711fec77a -rwxr-xr-x   0:0   94 kB  │   ├── df
2                                                                              -rwxr-xr-x   0:0   139 kB │   ├── dir
Command:                                                                       -rwxr-xr-x   0:0   84 kB  │   ├── dmesg
#(nop) ADD file:782d864aa72c2d5fb599311ebae56db4067d2e91ff532c1aaf1a291c3dbce5 -rwxrwxrwx   0:0    0 B   │   ├── dnsdomainname → hostname
bb in /                                                                        -rwxrwxrwx   0:0    0 B   │   ├── domainname → hostname
                                                                               -rwxr-xr-x   0:0   40 kB  │   ├── echo
│ Image Details ├───────────────────────────────────────────────────────────── -rwxr-xr-x   0:0   28 B   │   ├── egrep
                                                                               -rwxr-xr-x   0:0   35 kB  │   ├── false
                                                                               -rwxr-xr-x   0:0   28 B   │   ├── fgrep
Total Image size: 117 MB                                                       -rwxr-xr-x   0:0   69 kB  │   ├── findmnt
Potential wasted space: 6.8 MB                                                 -rwxr-xr-x   0:0   199 kB │   ├── grep
Image efficiency score: 95 %                                                   -rwxr-xr-x   0:0   2.3 kB │   ├── gunzip
                                                                               -rwxr-xr-x   0:0   6.4 kB │   ├── gzexe
Count Total Space Path                                                         -rwxr-xr-x   0:0   98 kB  │   ├── gzip
   4      3.1 MB  /var/cache/debconf/templates.dat                             -rwxr-xr-x   0:0   27 kB  │   ├── hostname
   3      2.3 MB  /var/cache/debconf/templates.dat-old                         -rwxr-xr-x   0:0   69 kB  │   ├── ln
   4      322 kB  /var/lib/dpkg/status                                         -rwxr-xr-x   0:0   57 kB  │   ├── login
   4      322 kB  /var/lib/dpkg/status-old                                     -rwxr-xr-x   0:0   139 kB │   ├── ls
   3      243 kB  /var/log/dpkg.log                                            -rwxr-xr-x   0:0   109 kB │   ├── lsblk
   2      234 kB  /lib/x86_64-linux-gnu/                         -rwxr-xr-x   0:0   89 kB  │   ├── mkdir
   3      95 kB   /var/log/apt/term.log                                        -rwxr-xr-x   0:0   68 kB  │   ├── mknod
   4      54 kB   /var/cache/debconf/config.dat                                -rwxr-xr-x   0:0   44 kB  │   ├── mktemp
   4      29 kB   /etc/                                             -rwxr-xr-x   0:0   43 kB  │   ├── more

You can fully explore the above shown file tree by using arrow keys. Press Ctrl+C to exit the prompt.

Below are the important key bindings you can use with the dive tool.

Key BindingDescription
Ctrl + CExit
TabSwitch between the layer and filetree views
Ctrl + FFilter files
PageUpScroll up a page
PageDownScroll down a page
Ctrl + ALayer view: see aggregated image modifications
Ctrl + LLayer view: see current layer modifications
SpaceFiletree view: collapse/uncollapse a directory
Ctrl + SpaceFiletree view: collapse/uncollapse all directories
Ctrl + RFiletree view: show/hide removed files
Ctrl + M Filetree view: show/hide modified files
Ctrl + U Filetree view: show/hide unmodified files
Ctrl + BFiletree view: show/hide file attributes

You can also build your image and analyze it by using below command.

dive build -t <some-tag> .

You can also think to run this in your CI pipeline to ensure you're keeping wasted space to a minimum (this skips the UI):

CI=true dive <your-image>

To know more about all the available options with dive, you can do dive --help as shown below.

cyberithub@ubuntu:~$ dive --help
This tool provides a way to discover and explore the contents of a docker image. Additionally the tool estimates
the amount of wasted space and identifies the offending files from the image.

dive [IMAGE] [flags]
dive [command]

Available Commands:
build Builds and analyzes a docker image from a Dockerfile (this is a thin wrapper for the `docker build` command).
help Help about any command
version print the version number and exit (also --version)

--ci Skip the interactive TUI and validate against CI rules (same as env var CI=true)
--ci-config string If CI=true in the environment, use the given yaml to drive validation rules. (default ".dive-ci")
--config string config file (default is $HOME/.dive.yaml, ~/.config/dive/*.yaml, or $XDG_CONFIG_HOME/dive.yaml)
-h, --help help for dive
--highestUserWastedPercent string (only valid with --ci given) highest allowable percentage of bytes wasted (as a ratio between 0-1), otherwise CI validation will fail. (default "0.1")
--highestWastedBytes string (only valid with --ci given) highest allowable bytes wasted, otherwise CI validation will fail. (default "disabled")
-j, --json string Skip the interactive TUI and write the layer analysis statistics to a given file.
--lowestEfficiency string (only valid with --ci given) lowest allowable image efficiency (as a ratio between 0-1), otherwise CI validation will fail. (default "0.9")
--source string The container engine to fetch the image from. Allowed values: docker, podman, docker-archive (default "docker")
-v, --version display version number

Leave a Comment