← All open source projects

dive

wagoodman/dive

dive is a tool for inspecting Docker/OCI image layers and finding ways to reduce image size.

GitHub · 54,253 stars
Forks 1,988
Author wagoodman
Language Go
License Unknown
Synced 2026-06-27

What it is

dive is a tool for analyzing Docker/OCI images layer by layer. It shows image contents, changes between layers, and places where the final size can be reduced.

The project grew around a common container problem: an image works, but nobody understands why it is so large. A Dockerfile may contain only a few lines, while caches, temporary files, and extra dependencies remain inside.

dive makes the invisible visible. Instead of guessing, a user opens an image, moves through layers, and sees which files were added, changed, or removed at each build step.

What is inside the repository

The repository contains the Go application, installation instructions, basic feature descriptions, CI integration, key bindings, and interface configuration.

The tool is useful both locally and in build checks. Locally, it helps developers understand what happened to an image; in CI, it can stop a change if image efficiency worsens beyond an allowed threshold.

How people usually use it

A normal scenario: build an image, run dive with a tag or id, inspect layers, and find large directories that can be removed, combined, or moved into another build stage.

For teams, dive is especially useful as a learning tool. After a few inspections, it becomes clearer why Dockerfile command order affects size and caching.

Layer-by-layer image analysis

The command opens an interactive image view. The goal is to see which layer added files and where the final size can be reduced.

Language: Bash 
dive my-image:latest

What it feels like in practice

The project’s strength is visibility. A layer table and file tree explain the problem faster than a dry line with the final image size.

Another advantage is the ability to integrate checks into the build process. If a team wants to keep images compact, automated evaluation helps avoid postponing cleanup.

Limits and careful spots

The limitation is that dive shows consequences but does not fix build architecture for the developer. Users still need to understand multi-stage builds, package manager caches, and base image contents.

The tool also does not replace security scanning. A small image is not automatically safe, and a large image is not always bad; size is only one quality signal.

Who it fits

dive best fits developers and DevOps engineers who regularly build containers and want to understand where space goes inside an image.

In the catalog, dive matters as a precise tool for infrastructure hygiene: it does not build containers itself, but helps reveal what actually ended up inside.