Overview ¶
Package analyzer provides Docker image analysis capabilities. It reads OCI-compatible images (local or remote), extracts layer information, builds file trees, and produces audit reports.
Types ¶
type AuditReport ¶
// AuditReport is the complete result of an image audit.
//
// NOTE(review): a serialized report can be sensitive in its own right. It
// names the paths flagged in SecretFiles and carries each layer's
// Instruction string, so treat report output like other security findings.
type AuditReport struct {
	// ImageRef is the image reference that was audited.
	ImageRef string `json:"image_ref"`
	// TotalSize is the total compressed image size in bytes.
	TotalSize int64 `json:"total_size"`
	// TotalSizeMB is the total size in megabytes.
	// NOTE(review): whether "MB" means 10^6 or 2^20 bytes is not visible
	// here — confirm against the implementation.
	TotalSizeMB float64 `json:"total_size_mb"`
	// LayerCount is the total number of non-empty layers.
	LayerCount int `json:"layer_count"`
	// Layers contains per-layer analysis.
	// NOTE(review): LayerInfo has an IsEmpty flag, so Layers may also hold
	// metadata-only entries and len(Layers) may differ from LayerCount — confirm.
	Layers []LayerInfo `json:"layers"`
	// Ecosystems detected in the image. The tag has no omitempty, so a nil
	// pointer is encoded as JSON null.
	Ecosystems *ecosystem.DetectResult `json:"ecosystems"`
	// Duplicates are files found in multiple layers. The key is omitted from
	// JSON when the slice is empty.
	Duplicates []DuplicateFile `json:"duplicates,omitempty"`
	// SecretFiles lists files that look like they may contain secrets.
	// This is a heuristic: an empty list is not evidence that the image is
	// free of secrets. Because of omitempty the key is absent from JSON
	// whenever the slice is empty, so a consumer cannot tell "nothing
	// flagged" from "not scanned" by the JSON alone.
	// NOTE(review): presumably populated only when ImageAnalyzer.ScanSecrets
	// is set, and presumably holds paths rather than file contents — confirm.
	SecretFiles []string `json:"secret_files,omitempty"`
	// Recommendations are actionable suggestions to reduce image size.
	Recommendations []Recommendation `json:"recommendations"`
	// SavingsMB is the total estimated savings in megabytes.
	SavingsMB float64 `json:"savings_mb"`
	// SavingsPercent is the percentage of total size that could be saved.
	SavingsPercent float64 `json:"savings_percent"`
}
AuditReport is the complete result of an image audit.
type CompareReport ¶
// CompareReport holds the result of comparing two images.
type CompareReport struct {
	// ImageA is the first image reference.
	ImageA string `json:"image_a"`
	// ImageB is the second image reference.
	ImageB string `json:"image_b"`
	// SizeA is the size of image A in bytes.
	SizeA int64 `json:"size_a"`
	// SizeB is the size of image B in bytes.
	SizeB int64 `json:"size_b"`
	// Reduction is the size difference in bytes (positive = B is smaller).
	Reduction int64 `json:"reduction"`
	// ReductionPercent is the percentage reduction.
	// NOTE(review): the base of the percentage (presumably SizeA) is not
	// visible here — confirm.
	ReductionPercent float64 `json:"reduction_percent"`
	// LayersA is the number of layers in image A.
	LayersA int `json:"layers_a"`
	// LayersB is the number of layers in image B.
	LayersB int `json:"layers_b"`
	// NewLayersInB is the count of layers in B not present in A.
	// NOTE(review): how two layers are judged to be the same (presumably by
	// digest) is not visible here — confirm before relying on these counts
	// for provenance or base-image checks.
	NewLayersInB int `json:"new_layers_in_b"`
	// RemovedLayersInB is the count of layers in A not present in B.
	RemovedLayersInB int `json:"removed_layers_in_b"`
	// SharedBaseLayers has no description in the original.
	// NOTE(review): presumably the number of leading layers common to both
	// images — confirm against the implementation.
	SharedBaseLayers int `json:"shared_base_layers"`
}
CompareReport holds the result of comparing two images.
type DuplicateFile ¶
// DuplicateFile represents a file found in multiple layers.
//
// NOTE(review): whether duplicates are matched by path alone or also by
// content is not visible here — confirm against DetectDuplicates.
type DuplicateFile struct {
	// Path is the file path within the image.
	Path string `json:"path"`
	// Size is the file size in bytes.
	Size int64 `json:"size"`
	// Layers lists the layer indices where this file appears.
	// NOTE(review): presumably these are LayerInfo.Index values — confirm.
	Layers []int `json:"layers"`
}
DuplicateFile represents a file found in multiple layers.
func DetectDuplicates ¶
func DetectDuplicates(layers []LayerInfo) []DuplicateFile
DetectDuplicates finds files that appear in more than one layer. This catches the common case where files are silently copied across layers (e.g., in `RUN apt-get` chains or repeated COPY instructions). Results are sorted by size descending so the biggest wasted space appears first.
type FileEntry ¶
// FileEntry represents a single file found in a layer.
//
// NOTE(review): these values presumably come straight from the layer
// archive, i.e. from the image being inspected. Treat Path and Link as
// untrusted data: validate them before using either to read or write
// anything on the host filesystem.
type FileEntry struct {
	// Path is the entry's path.
	// NOTE(review): presumably as recorded in the layer; whether it is
	// cleaned or made absolute is not visible here — confirm.
	Path string `json:"path"`
	// Size is the entry's size.
	// NOTE(review): presumably in bytes, like DuplicateFile.Size — confirm.
	Size int64 `json:"size"`
	// IsDir reports whether the entry is a directory.
	IsDir bool `json:"is_dir"`
	// Mode is the entry's mode as an integer.
	// NOTE(review): presumably the mode bits from the archive header;
	// confirm whether setuid/setgid and file-type bits are preserved.
	Mode int64 `json:"mode"`
	// Link is omitted from JSON when empty.
	// NOTE(review): presumably the target of a symlink or hard link entry —
	// confirm.
	Link string `json:"link,omitempty"`
}
FileEntry represents a single file found in a layer.
type ImageAnalyzer ¶
// ImageAnalyzer loads and analyzes Docker images.
type ImageAnalyzer struct {
	// TopFilesPerLayer controls how many top files to show per layer.
	TopFilesPerLayer int
	// ThresholdBytes is the minimum file size to flag.
	// NOTE(review): NewImageAnalyzer takes thresholdMB; the conversion to
	// bytes is presumably done there — confirm.
	ThresholdBytes int64
	// ScanSecrets enables scanning for files that may contain secrets.
	// NewImageAnalyzer(topFiles, thresholdMB) has no parameter for this
	// field, so callers who want the scan should set it explicitly.
	// NOTE(review): the value the constructor leaves it at is not visible
	// here — confirm.
	ScanSecrets bool
}
ImageAnalyzer loads and analyzes Docker images.
func NewImageAnalyzer ¶
func NewImageAnalyzer(topFiles int, thresholdMB float64) *ImageAnalyzer
NewImageAnalyzer creates an analyzer with the given settings.
func (*ImageAnalyzer) AnalyzeImage ¶
func (a *ImageAnalyzer) AnalyzeImage(imageRef string, isRemote bool) (*AuditReport, error)
AnalyzeImage loads and analyzes a Docker image, returning a full report.
func (*ImageAnalyzer) CompareImages ¶
func (a *ImageAnalyzer) CompareImages(imageRefA, imageRefB string, isRemote bool) (*CompareReport, error)
CompareImages compares two Docker images and returns a comparison report.
type LayerInfo ¶
// LayerInfo holds analysis data for a single image layer.
type LayerInfo struct {
	// Index is the layer position (0 = base layer).
	Index int `json:"index"`
	// Instruction is the Dockerfile command that created this layer.
	// Build commands recorded in image metadata can include credentials
	// passed on the command line or through build arguments, and this field
	// is serialized, so review it before sharing a report.
	// NOTE(review): presumably read from the image's build history — confirm.
	Instruction string `json:"instruction"`
	// Size is the compressed layer size in bytes.
	Size int64 `json:"size"`
	// FileCount is the total number of files in this layer.
	FileCount int `json:"file_count"`
	// TopFiles are the largest files in this layer (above threshold).
	// The key is omitted from JSON when the slice is empty.
	// NOTE(review): presumably capped by ImageAnalyzer.TopFilesPerLayer and
	// filtered by ImageAnalyzer.ThresholdBytes — confirm.
	TopFiles []FileEntry `json:"top_files,omitempty"`
	// AllFiles is the complete file list (used internally, not serialized).
	// The "-" tag keeps it out of JSON output.
	AllFiles []FileEntry `json:"-"`
	// IsEmpty indicates if this is a metadata-only layer (e.g., ENV, LABEL).
	IsEmpty bool `json:"is_empty"`
}
LayerInfo holds analysis data for a single image layer.
func (*LayerInfo) DeltaLabel ¶
DeltaLabel returns a human-readable label for the layer delta.
type Recommendation ¶
// Recommendation is a single actionable suggestion.
type Recommendation struct {
	// Title is a short one-line summary.
	Title string `json:"title"`
	// Detail is a longer explanation.
	Detail string `json:"detail"`
	// SavingsMB is the estimated savings from applying this recommendation.
	// NOTE(review): presumably in the same megabyte unit as
	// AuditReport.SavingsMB — confirm.
	SavingsMB float64 `json:"savings_mb"`
	// Priority is the recommendation priority (1 = highest).
	Priority int `json:"priority"`
}
Recommendation is a single actionable suggestion.