Explore and analyze a Docker container using the DockerSlim xray command

Prerequisites to complete this example

  1. Basic knowledge of Linux commands and a terminal
  2. Docker Desktop installed on your host machine.
  3. A text editor or browser to view .JSON files
Understand what’s inside a Docker container

Download and test DockerSlim

Note: This example was developed on macOS. The code in this article is shared in screenshots —please visit https://johnslimai.github.io to copy & paste.

  • Create a folder and copy the files from the DockerSlim download into the folder. My folder looks like this.
  • Run DockerSlim to check if it’s working.

Type docker-slim help into a terminal window.

Note: I added the folder path I created to the /etc/paths file. If the directory where you extracted the binaries is not in your PATH then you’ll need to run your docker-slim commands from that directory. You can type ./docker-slim help to run DockerSlim in this case.

  • DockerSlim has a cool menu driven command line. To try that:

Type docker-slim into a terminal window then type help at the interactive prompt

We use the xray command for this example.

Find a publicly available container on DockerHub to examine with DockerSlim xray

I decided to use a container with nuxt.js and node.js for this example. Nuxt.js is gaining popularity as a web app framework for vue.js. My team has been working with nuxt.js lately, so its interesting to me.

  • Open DockerHub and type nuxt into the search bar. You can also just click this link:


I selected the first result for simplicity. It’s been downloaded a bunch of times and seems to have nuxt.js and node.js foundations and a decent GitHub page.

  • Pull the container using the Docker Pull Command

From a terminal window type docker pull gerardojunior/nuxtjs

Note: You need Docker Desktop installed on your host to continue this example.

After the pull command completes, check to see that the image is loaded using the docker images command

Run the DockerSlim xray command on the target container

From a terminal window type xray --target gerardojunior/nuxtjs:latest

DockerSlim creates a .json report file named slim.report.json

Examine the DockerSlim xray results

  • Basic facts about this container found in the xray report

Created date = 2/1/2019 — the image has not been updated in 2 years
Image Size = 69MB
Exposed Ports = 3000/TCP

From the slim.report.json file:

  • Exploring the container’s layers listed in the xray report

The report file contains a listing (“image_stack label”) of the docker image layers ordered by layer detailing Dockerfile command(s) that contributed to each layer.

Find the image_stack: array in the slim.report.json file.

This container has a single image. Each Dockerfile command is listed in the "instructions": array. In the snippet below notice that the "ADD" instruction contibuted to "layer_index": 0,. Peruse the report to find the total number if layer indices. This container has a total of 8 layers.

The image layer information listed in the "image_layers": array is useful for understanding what files and consequently what software and related files are in the container. The layer information is organized by index indicated by the "index": tag. Search for index 0 in the image layers list.

Layer 0

Seek the "top": tag and you can view the files contained in layer 0. Layer 0 is comprised of common Linux OS files from the Alpine base image.

Layer 1

Layer 1 contains files associated with node.js. It is the largest layer (56.8MB) and contains the largest single file usr/local/bin/node (36.4MB). This file is the node.js executable binary image.

Layer 2

Layer 2 contains the files associated with the popular package manager Yarn. Yarn is used to configure this container for nuxt.js and also allows developers using this container to easily add and manage packages.

Note: Package managers are good to include in containers for development purposes but should generally be stripped out of production containers to ensure immutability and adhere to production-ready container best practices.

Layers 6,7 and 8

Layers 6,7 and 8 include the container entrypoint definition and the .sh scripts for nuxt.js.

Layer 6 snippet showing the ENTRYPOINT command

Layer 7 snippet showing the nuxt.js entrypoint shell script (opt/tools/entrypoint-nuxtjs.sh)

From this analysis, we can see this container is primarily composed of:

  • Remnants of Alpine Linux including the busybox toolkit
  • Node.js and related packages
  • The Yarn package manager
  • Scripts and other tools to configure nuxt.js and set the entry point to invoke nuxt.

DockerSlim Resources

If you want to learn lots more about DockerSlim look here:


The full details of the DockerSlim xray command can be found here:


Originally published at https://johnslimai.github.io.




John is the CEO of Slim.AI, a stealth-mode startup in the DevOps space & a technologist/product leader w/ 25+ years of experience in SaaS, InfoSec & networking.

Love podcasts or audiobooks? Learn on the go with our new app.

Programming Question : Leetcode 11

How I Fell in Love (Again) with Linux on a Weekend

Jupyter notebook to Dashboard using GitHub

Taking ownership of the Workday release schedule

How To Maintain Your Dallas Commercial Garage Door

How to Create AWS Load Balancer Step-by-Step

And if we write ‘ls * .c’, in our Shell what would happen?

ls *.c

A simple guide on setting up and using Apple’s CloudKit framework.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
John Amaral

John Amaral

John is the CEO of Slim.AI, a stealth-mode startup in the DevOps space & a technologist/product leader w/ 25+ years of experience in SaaS, InfoSec & networking.

More from Medium

Hands-on with AWX

Setting up SSH server on WSL

How to manage your Docker containers with Portainer

Container Monitoring Guide: Using Cadvisor, Prometheus And Grafana For Easy Docker Container…