Slim down your Docker images with the power of AI.
Container Diet is a futuristic, AI-powered CLI tool that analyzes your Docker images and Dockerfiles to provide actionable, "sassy but helpful" optimization advice. It helps you reduce image size, improve security, and follow best practices.
- ๐ง AI-Driven Analysis: Uses OpenAI (GPT-4o) to provide human-level, context-aware optimization tips.
- ๐ณ Docker-Themed UI: Beautiful CLI output with Docker-brand colors and nautical icons.
- ๐ Flexible Image Source: Analyze local daemon images, pull remote images with
--remote, or auto-pull missing local images with--pull-missing. - ๐ก๏ธ Security Focused: Detects root user violations, exposed secrets, and unnecessary packages.
- ๐ ๏ธ Auto-Fix: Automatically generate an optimized version of your Dockerfile with the
--auto-fixflag. - ๐ญ "Container Dietician" Persona: Enjoy entertaining, roast-style feedback that keeps optimization fun.
- Go 1.21+
- Docker daemon running locally (required for local image analysis)
- Optional: Podman via Docker-compatible API socket
- OpenAI API Key
go install github.com/k1lgor/container-diet/cmd/cli@latestgit clone https://github.com/k1lgor/container-diet.git
cd container-diet
go mod tidy
go build -o container-diet cmd/cli/main.goYou must set your OpenAI API key before running the tool:
Linux/macOS:
export OPENAI_API_KEY="sk-..."Windows (PowerShell):
$env:OPENAI_API_KEY="sk-..."container-diet analyze my-app:latestProviding the Dockerfile gives the AI more context for better suggestions.
./container-diet analyze my-app:latest --dockerfile DockerfileUse --remote to pull directly from a registry and analyze without requiring a local daemon image.
./container-diet analyze python:3.9-slim --remoteUse --pull-missing to keep local-first behavior, but auto-pull if the image is missing locally.
./container-diet analyze busybox --pull-missingThe most powerful feature! Use --auto-fix to have the Container Dietician write the optimized Dockerfile for you.
./container-diet analyze --dockerfile Dockerfile --auto-fixThis will generate a Dockerfile.diet file in the same directory. You can then compare it with your original and apply the improvements. Works even without a source Dockerfile by reverse-engineering the image layers!
For local analysis with Podman, expose Podman's Docker-compatible API socket and set DOCKER_HOST to it.
./container-diet analyze --helpHere is what happens when you feed the "Nightmare Monolith" Dockerfile to the Container Dietician:
Command:
./container-diet analyze --dockerfile samples/Dockerfile.nightmareOutput:
Reading Dockerfile: samples/Dockerfile.nightmare...
๐ณ [AI ANALYSIS COMPLETE]
Asking the Container Dietician for insights... ๐ข
Oh, honey, what do we have here? A "Monolith Monster" Dockerfile that's about to sink your ship
with its fatty layers and spicy security risks! Letโs roll up our sleeves and clean this galactic
mess. ๐
---
โ WARNING: Version Drift Alert!
You've got a "fluffy" problem right at the start, darling! Using `ubuntu:latest` means you're
playing roulette with your build environment. ๐ฐ
โ SUGGESTION: Pin your base image to a specific version like `ubuntu:22.04` to keep things
predictable.
---
โ WARNING: Apt-get Avalanche!
Installing just about everything but the kitchen sink, are we? This is the definition of bloat,
my dear. ๐
โ SUGGESTION: Install only what's necessary for your app. Consider slimming it down by ditching
`openjdk-11-jdk`, `build-essential`, `cmake`, and `gdb` unless you truly need them. Otherwise,
you're just hoarding bytes.
---
โ WARNING: Hazardous Permissions Play!
777 permissions? I hope youโre wearing a hard hat! This is a security risk as wide as a black
hole. ๐
โ SUGGESTION: Use more restrictive permissions. Typically, `chmod -R 755` or `chmod -R 644`,
depending on whatโs needed for executing.
---
โ WARNING: Root Cabal Alert!
Running SSH as root with root login permitted? You might as well hand over the keys to the
universe. ๐
โ SUGGESTION: Disable root login and use a non-root user. Also, ask yourselfโdo you really need
SSH in a container? Usually, it's a sign you need to rethink your strategy.
---
Oh, darling, letโs trim down that bloated ship before it swallows a sun. Your future workloads
will thank you for the speed and safety tunes! Now, get to work, ๐ ๏ธ and remember: less is always
more. ๐ณโจ
cmd/cli: Main entry point for the CLI.internal/cli: CLI command definitions and logic.internal/ai: OpenAI client integration.internal/analyzer: Core image analysis logic (layers, size, config).samples/: Collection of Dockerfiles for testing (Light to Nightmare). See demo outputs.