Container image inspection and analysis tools using skopeo and podman.
This plugin provides commands to inspect, analyze, and compare container images from any OCI-compliant registry. It leverages skopeo and podman to provide detailed insights into image structure, manifest lists, layers, and configuration without requiring full image pulls.
- Image Inspection: Detailed breakdown of image metadata, layers, and configuration
- Image Comparison: Compare two images to identify differences
- Tag Discovery: List and analyze available tags for a repository
Inspect and provide detailed breakdown of a container image.
Usage:
/container-image:inspect <image>Examples:
/container-image:inspect quay.io/openshift-release-dev/ocp-release:4.20.0-multi
/container-image:inspect registry.redhat.io/ubi9/ubi:latest
/container-image:inspect docker.io/library/nginx@sha256:abc123...What it shows:
- Inferred image purpose and context based on metadata analysis
- Image digest and basic metadata
- Architecture and OS information
- Manifest type (single image vs manifest list)
- For multi-arch images: all available platforms with per-platform digests, sizes, and layer counts
- Platform comparison (size ranges, architecture list)
- Size breakdown and layer details
- Configuration (environment, entrypoint, ports, volumes)
- Labels and annotations
- Usage examples for pulling specific platforms
See commands/inspect.md for full documentation.
Compare two container images to identify differences.
Usage:
/container-image:compare <image1> <image2>Examples:
/container-image:compare quay.io/myapp:v1.0.0 quay.io/myapp:v2.0.0
/container-image:compare registry.prod.example.com/myapp:latest registry.staging.example.com/myapp:latestWhat it shows:
- Whether images are identical (digest match)
- Metadata differences (creation date, size)
- Layer analysis (added, removed, modified layers)
- Configuration changes (environment variables, labels, entrypoint)
- Size impact
- Summary of significant changes
See commands/compare.md for full documentation.
List and analyze available tags for a container image repository.
Usage:
/container-image:tags <repository>Examples:
/container-image:tags quay.io/openshift-release-dev/ocp-release
/container-image:tags docker.io/library/nginxWhat it shows:
- All available tags for the repository
- Tag metadata (creation date, size, architecture)
- Tag categorization (version, date-based, special tags)
- Recent tags and update patterns
- Recommendations for tag selection
- Duplicate tags (same digest, different names)
See commands/tags.md for full documentation.
-
Add the marketplace (if not already added):
/plugin marketplace add openshift-eng/ai-helpers
-
Install the container-image plugin:
/plugin install container-image@ai-helpers
-
Use the commands:
/container-image:inspect quay.io/openshift-release-dev/ocp-release:4.20.0-multi
skopeo - Primary tool for image inspection
- Check if installed:
which skopeo - Installation:
- RHEL/Fedora:
sudo dnf install skopeo - Ubuntu/Debian:
sudo apt-get install skopeo - macOS:
brew install skopeo
- RHEL/Fedora:
- Documentation: https://github.com/containers/skopeo
podman - Additional image analysis capabilities
- Installation:
- RHEL/Fedora:
sudo dnf install podman - Ubuntu/Debian:
sudo apt-get install podman - macOS:
brew install podman
- RHEL/Fedora:
- Documentation: https://podman.io/
dive - Interactive layer analysis (for /container-image:compare)
- Installation: https://github.com/wagoodman/dive
- Provides detailed layer-by-layer exploration
For private registries, authenticate before running commands:
# Using skopeo
skopeo login registry.example.com
# Using podman (if installed)
podman login registry.example.comAuthentication is typically stored at ~/.docker/config.json or ${XDG_RUNTIME_DIR}/containers/auth.json.
-
Version Selection: Find the right image version for your deployment
/container-image:tags quay.io/myapp /container-image:inspect quay.io/myapp:v2.1.0
-
Multi-Arch Development: Verify architecture support before deployment
/container-image:inspect registry.redhat.io/ubi9/ubi:latest
The inspect command automatically detects and shows all available platforms for multi-arch images.
-
Update Analysis: Understand changes before upgrading
/container-image:compare myapp:current myapp:latest
-
Deployment Issues: Verify correct image is being used
/container-image:inspect <failing-image>
-
Architecture Mismatches: Check platform compatibility
/container-image:inspect <image>
For multi-arch images, this will show all available platforms and their digests.
-
Size Issues: Identify what's consuming space
/container-image:inspect <large-image> /container-image:compare <old-image> <new-image>
-
Image Verification: Confirm image authenticity via digest
/container-image:inspect myapp@sha256:abc123...
-
Change Tracking: Document what changed between versions
/container-image:compare prod:v1.0.0 prod:v1.1.0
-
Registry Migration: Verify images copied correctly
/container-image:compare source.registry.com/app:v1 dest.registry.com/app:v1
# 1. List available versions
/container-image:tags quay.io/myapp
# 2. Inspect the new version (shows all architectures if multi-arch)
/container-image:inspect quay.io/myapp:v2.0.0
# 3. Compare with current version
/container-image:compare quay.io/myapp:v1.5.0 quay.io/myapp:v2.0.0# 1. Check if image is multi-arch and see all platforms
/container-image:inspect quay.io/myapp:latest
# 2. Inspect specific platform by digest
/container-image:inspect quay.io/myapp@sha256:<arm64-digest>
# 3. Compare platforms
/container-image:compare quay.io/myapp@sha256:<amd64-digest> quay.io/myapp@sha256:<arm64-digest># 1. Inspect current image
/container-image:inspect myapp:latest
# 2. Compare with previous version
/container-image:compare myapp:v1.0.0 myapp:latest
# 3. Identify which layers added size
# (Layer analysis in the comparison output)- Use digests for production:
myapp@sha256:abc123...(immutable) - Use tags for development:
myapp:latest(convenient but mutable) - Be specific:
myapp:v1.2.3is better thanmyapp:v1
- Use
/container-image:inspectto check platform support - it automatically detects and displays all available architectures - Pull specific platforms when needed:
podman pull --platform=linux/arm64 <image> - Verify all platforms are updated in manifest lists by comparing platform digests
skopeo inspectdoesn't pull the full image (fast and efficient)- For large repositories,
/container-image:tagsmay sample tags - Use
--filteroptions to narrow results for large tag lists
- Always verify image digests match expectations
- Check for unexpected configuration changes with
/container-image:compare - Use
/container-image:inspectto review labels and metadata
plugins/container-image/
├── .claude-plugin/
│ └── plugin.json # Plugin metadata
├── commands/
│ ├── inspect.md # Image inspection command
│ ├── compare.md # Image comparison command
│ └── tags.md # Tag listing command
└── README.md # This file
To add a new command to this plugin:
-
Create a new markdown file in
commands/:touch plugins/container-image/commands/your-command.md
-
Follow the structure from existing commands (see
commands/inspect.md) -
Include these sections:
- Name
- Synopsis
- Description
- Prerequisites
- Implementation
- Return Value
- Examples
- Error Handling
- Notes
- Arguments
-
Test your command:
/container-image:your-command
Test commands with various image types:
- Public images (docker.io, quay.io)
- Private registries (requires authentication)
- Multi-arch images (manifest lists)
- Single-arch images
- Large images (layer analysis)
- Different registries (Red Hat, Quay, Docker Hub)
Contributions are welcome! When adding new container image analysis commands:
- Ensure the command provides unique value not covered by existing commands
- Follow the existing command structure and documentation format
- Include comprehensive examples and error handling
- Test with multiple registries and image types
- Update this README with new command documentation
See LICENSE for details.