Comparing changes between your container versions
While containers are (usually) immutable, software is not. Apps, libraries, dependencies, and metadata change all the time in container images, and keeping track of those changes is a daunting task.
Container Diff lets you easily see a Git-like diff between one container version and another. It provides a Git-like comparison that developers are familiar with and that can be used in the following ways:
The Container Diff feature can be accessed in several ways.
From any container profile, you'll find a list of available version tags.
On the right side of the column, you'll find a list of icons. Clicking the "Compare to other versions" icon will bring you to a screen where you can choose which versions to compare.
Choose the versions you want to diff and click "Compare". The Slim platform will begin analyzing each image and bring you to the comparison screen.
You can also diff completely different images. While it might not make sense to diff python:latest and node:latest, this feature is useful if your workflow doesn't allow you to easily tag new versions of your images, or if you are comparing various 3rd-party images of the same core technology.
To do so, find the image you want to compare and visit its profile page. Click the "compare versions" icon on the image tag and then go to the "Compare Images" tab on the version selection screen.
From the UI, select a second image to compare to. You can choose from any public registry or even from your own private connections.
If you have Connectors set up to import container images from your own public or private registries (i.e., Docker Hub, AWS ECR, GCR, etc), you can compare those versions or images the same way you would public images. Simply navigate to the container image profile screen and click the Compare icon on one of the versions you'd like to diff.
Once the images are analyzed, you'll be brought to the comparison screen where you can access various comparisons of the two images.
In File System tab in the left navigation, you'll find a file-by-file, color-coded comparison showing any added, deleted, or modified files between the container images. Filters in the sub-navigation bar allow you to trim the list to just specific file attributes (added, deleted, or modified; binary or text files).
Clicking on any individual file will provide metadata about that file. If the file is a TEXT file, you can even see a GitHub-like diff of any modifications.
Modified text files can be examined directly to see changes.
The Image Metadata tab provides a side-by-side comparison of key data generated by the Slim analysis tools. This information includes version info, size, layer information, and several other pieces of useful info generally available in the Slim Container Profiles.
Unified Diff
The Unified Diff view combines data from all the other views into a developer-friendly, GitHub-like summary of the changes between the containers. This includes the Dockerfile, Metadata, and File System changes. This view can be downloaded and even stored in a version control system like GitHub or GitLab to track changes over time.
Clicking on files will open a side-by-side diff similar to File Contents tab described above.
The Dockerfile diff compares generated Dockerfile outputs of each image version. Like the generated Dockerfile in the Container Profiles, these are not meant to be used to create images, but rather can highlight differences in Instructions, Files, or Layer creation as detected by our build analysis tools.
The Vulnerabilities Diff uses two best-in-class open source scanners, Grype and Trivy, to show a detailed comparison of container vulnerabilities by scanner and risk level. The vulnerabilities in-line comparison flags vulnerabilities that have an available fix, and gives direct links to the CVE pages where you can get all the details about each specific vulnerability. Learn more about the Vulnerabilities Diff >
Container Diff is particularly useful for teams managing change in their container pipelines. If you're interested in using Container Diff at scale with your team, contact us at [email protected] to learn more about our Design Partner program.
$1
');
field.innerHTML = formattedHtml;
});
});