🐳 How to Inspect Docker Images – Complete Guide with Examples & FAQs

Inspecting Docker images is essential when you want to understand, debug, or optimize containerized applications. Docker provides several built-in commands that help you analyze image metadata, layers, and runtime configurations.

This guide walks you through the most effective ways to inspect Docker images — with real code outputs, useful tips, and clear FAQs to help you master Docker image inspection! 🚀

---

🧠 What Is Docker Image Inspection?

Inspecting a Docker image means exploring its metadata, such as:

• Base OS and image layers
• Entrypoint and default commands
• Environment variables
• Labels and author info

These details help you understand how an image is constructed and how it behaves when run.

---

🔍 Method 1: Using docker inspect

The docker inspect command returns detailed metadata about Docker images in JSON format.

🔹 Syntax:

docker inspect <image_name_or_id>

🧪 Example:

docker inspect nginx

📤 Output (truncated for readability):

[
  {
    "Id": "sha256:ad4c705f24...",
    "RepoTags": [
      "nginx:latest"
    ],
    "Created": "2024-03-22T14:00:35.825Z",
    "Architecture": "amd64",
    "Os": "linux",
    "Config": {
      "Env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "NGINX_VERSION=1.25.3"
      ],
      "Entrypoint": [
        "/docker-entrypoint.sh"
      ],
      "Cmd": [
        "nginx",
        "-g",
        "daemon off;"
      ]
    }
  }
]

✅ Tip: Use | jq at the end to prettify and parse the JSON:

docker inspect nginx | jq

---

🧠 Extract Specific Info Using --format

You can filter specific data fields using the --format flag with Go templating.

🎯 Get Creation Date:

docker inspect --format='{{.Created}}' nginx

📤 Output:

2024-03-22T14:00:35.825Z

---

🎯 Get Environment Variables:

docker inspect --format='{{.Config.Env}}' nginx

📤 Output:

[PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin NGINX_VERSION=1.25.3]

---

🎯 Get Entrypoint:

docker inspect --format='{{.Config.Entrypoint}}' nginx

📤 Output:

[/docker-entrypoint.sh]

---

🧱 Method 2: View Layers with docker history

The docker history command shows how an image was built layer by layer.

🔹 Syntax:

docker history <image_name>

🧪 Example:

docker history nginx

📤 Output:

IMAGE          CREATED         CREATED BY                                      SIZE      COMMENT
ad4c705f24...  3 days ago      /bin/sh -c #(nop)  CMD ["nginx" "-g" "daemo...  0B        
<missing>      3 days ago      /bin/sh -c #(nop)  ENTRYPOINT ["/docker-ent...  0B        
<missing>      3 days ago      /bin/sh -c #(nop)  ENV NGINX_VERSION=1.25.3    0B        
<missing>      3 days ago      /bin/sh -c set -x && addgroup ...              53.4MB    
...

📌 This is super helpful when you want to reverse-engineer how an image was built.

---

🏷️ Method 3: docker image inspect

This is an alias that works just like docker inspect but explicitly targets images.

🧪 Example:

docker image inspect alpine

📤 Output (truncated):

[
  {
    "Id": "sha256:c1681b5f5c...",
    "RepoTags": ["alpine:latest"],
    "Os": "linux",
    "Architecture": "amd64",
    "Config": {
      "Cmd": ["/bin/sh"]
    }
  }
]

---

🔎 Method 4: Explore with dive (Advanced CLI Tool)

dive is an open-source tool for exploring Docker image layers interactively.

🔹 Install Dive:

sudo apt install dive     # Debian/Ubuntu
brew install dive         # macOS

🧪 Example:

dive nginx

🖼️ Output:

You’ll see a terminal-based UI showing:

• Each image layer
• File additions/changes
• Efficiency metrics
• Commands used to create layers

🚀 Dive is perfect for optimizing and auditing Docker images.

---

📋 Breakdown of Common docker inspect Fields

Field	Description
Id	Unique image hash
RepoTags	Tags like nginx:latest
Created	Timestamp of image creation
Architecture	System architecture (amd64)
Os	Operating system
Config.Env	List of environment variables
Config.Cmd	Default command executed
Config.Entrypoint	Entrypoint script/command
RootFS	Layer structure

---

🧑‍💻 Final Thought

Docker image inspection is your first step to understanding what your containers are actually running. Whether you’re checking environment variables, entrypoints, or layer sizes, these tools can help you debug, optimize, and secure your Docker workflows.

🔍 Try combining docker inspect, docker history, and dive for a full 360° view of your images!

🙋 Frequently Asked Questions (FAQs)

❓ Can I inspect images from Docker Hub without pulling them?

No, docker inspect works only on local images. To inspect remote images, use tools like:

• skopeo
• Docker Hub Web UI (for basic metadata)

---

❓ What’s the difference between docker inspect and docker image inspect?

Functionally identical for images:

• docker inspect is universal (containers, volumes, images, etc.)
• docker image inspect focuses solely on images.

---

❓ How can I find the base image?

Use:

docker history <image_name>

Look for the bottom-most layer, which often represents the base (like alpine, ubuntu, etc.).

---

❓ Can I view the original Dockerfile?

Not directly. Docker doesn’t store Dockerfiles in images. However:

• docker history and dive help you reconstruct it.
• Some maintainers include the Dockerfile in image labels or documentation.

---

❓ How do I list all local Docker images?

Run:

docker images

or:

docker image ls

---