Docker image - universal way to list packages installed in an image by analyzing the binary only, wi

Time:11-15

For base images always pointing to latest, I have to check regularly to make sure which package is at which level. Need to automate this.

When it's impossible to run the image first (for example, when the entrypoint is defined as java -jar), I cannot easily run the container and run rpm -it. I have to create a project, create a main class doing some long-running job, set all the things in the Maven jib plugin, build and run it, and docker exec xxx rpm -it or dpkg --list. It's inconvenient.

I have tried dive, I see things but I cannot view the content. I can docker save -o foo.tar and try to extract files from there, but it's inconvenient. Besides, I am not aware of any file containing a list of packages installed. Is there any?

Tried docker history, not very helpful.

I would like a feature from docker to list all packages and versions, for vulnerability checks, delegating the listing of packages to rpm or dpkg depending on the availability of any one of them.

The Dockerfile can be inaccessible if the image comes from some remote registry. Needs to analyze the binary.

CodePudding user response:

If the default ENTRYPOINT of a given image is in your way for a particular operation, you can unilaterally decide to change it to whatever you want at run time, or even drop it entirely.

In your particular case, this should do the trick:

docker run -it --rm --entrypoint '' <your_image> rpm -it

Change the final command to the one you need. You can even run bash and interactively enter your own set of commands to inspect.
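
For the "analyze the binary only" case raised in the question, the following added example (not part of the original posts) reads the package list straight from a docker save tarball without starting a container. It assumes a Debian/Ubuntu-based image, whose dpkg database is the text file var/lib/dpkg/status; RPM-based images keep a binary database that this does not parse, layer whiteout files are not handled, and all function names and the sample package versions are constructed for illustration.

```python
import io, json, tarfile

DPKG_STATUS = "var/lib/dpkg/status"  # Debian/Ubuntu package database (plain text)

def parse_dpkg_status(text):
    """Return {package: version} for stanzas whose Status ends in ' installed'."""
    pkgs = {}
    for stanza in text.split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines()
                      if ": " in line and not line.startswith((" ", "\t")))
        if fields.get("Status", "").endswith(" installed") and "Package" in fields:
            pkgs[fields["Package"]] = fields.get("Version", "?")
    return pkgs

def packages_from_saved_image(fileobj):
    """fileobj: seekable binary stream holding `docker save -o foo.tar <image>` output."""
    status = None
    with tarfile.open(fileobj=fileobj, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_path in manifest[0]["Layers"]:  # ordered base layer first
            layer_bytes = image.extractfile(layer_path).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as layer:
                for member in layer:
                    if member.isfile() and member.name.removeprefix("./") == DPKG_STATUS:
                        # A later layer's copy replaces the earlier one.
                        status = layer.extractfile(member).read().decode("utf-8", "replace")
    if status is None:
        raise LookupError("no dpkg database found (not a Debian/Ubuntu-based image?)")
    return parse_dpkg_status(status)

def _tar(files):  # helper for the constructed sample only: {name: bytes} -> tar bytes
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def constructed_sample_image():
    """Constructed two-layer image in docker save layout; not a real image."""
    base = b"Package: libc6\nStatus: install ok installed\nVersion: 2.36-9\n\n"
    top = base + (b"Package: openssl\nStatus: install ok installed\nVersion: 3.0.11-1\n\n"
                  b"Package: curl\nStatus: deinstall ok config-files\nVersion: 7.88.1-10\n")
    manifest = json.dumps([{"Layers": ["l0/layer.tar", "l1/layer.tar"]}]).encode()
    return io.BytesIO(_tar({"manifest.json": manifest,
                            "l0/layer.tar": _tar({DPKG_STATUS: base}),
                            "l1/layer.tar": _tar({DPKG_STATUS: top})}))

if __name__ == "__main__":
    print(packages_from_saved_image(constructed_sample_image()))
```

For a real image, pass open("foo.tar", "rb") from docker save -o foo.tar in place of the constructed sample.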
