container-diff is an OCI container image analysis and differencing tool used to audit image composition and identify changes between images. It functions as an image analysis tool for listing files, sizes, and metadata, and as a comparison utility to detect differences in file systems, layer histories, and installed packages.
The main features of googlecloudplatform/container-diff are: Image Differencing, Container Image Analysis, Package Composition Analysis, Package Parsers, Security Auditing, Cross-Image File Differencing, Package Version Comparators, Layer Analysis.
Open-source alternatives to googlecloudplatform/container-diff include: googlecontainertools/container-diff — Container-diff is a command-line utility designed to inspect and compare the internal composition of container images.… projectatomic/skopeo — Skopeo is a command line utility for inspecting, copying, and managing OCI and Docker container images across… googlecontainertools/kaniko — Kaniko is an OCI container image builder that executes Dockerfiles in userspace without requiring a privileged daemon.… bridgecrewio/checkov — Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as… leebaird/discover — Discover is an integrated suite of security tools designed for penetration testing, container auditing, payload… nikivdev/go — This project is a suite of utilities for binary installation, container build analysis, workspace state persistence,…
Container-diff is a command-line utility designed to inspect and compare the internal composition of container images. It functions as an auditor for containerized environments, providing visibility into the filesystem structure, installed software packages, and configuration metadata of individual images or differences between two distinct builds. The tool distinguishes itself through its ability to perform granular analysis across container layers, allowing users to trace build history and identify specific configuration drift. By supporting registry-agnostic image fetching and modular anal
Skopeo is a command line utility for inspecting, copying, and managing OCI and Docker container images across registries and local storage. It functions as a container image tool and registry manager that performs these operations without requiring a background daemon to be running on the host. The tool specializes in daemonless image manipulation, allowing users to retrieve metadata, manifests, and tags from remote registries without pulling the full image locally. It provides capabilities for mirroring external repositories to internal registries for air-gapped deployments and manages the t
Kaniko is an OCI container image builder that executes Dockerfiles in userspace without requiring a privileged daemon. It is designed as a Kubernetes-native image builder, allowing for the construction and pushing of images to registries from within a cluster or container. The tool ensures reproducible build generation by stripping timestamps from image layers, guaranteeing that identical source inputs produce the same image identifier. It supports multi-architecture image building, allowing for the creation of images compatible with various hardware and operating systems from a single proces
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security