Query Dockerfiles
Query Dockerfiles with cnquery
Rely on cnquery to query and analyze Dockerfiles. Explore base images, instructions, stages, and configuration within your container build definitions.
Requirements
To query Dockerfiles with cnquery, you must have:
- cnquery installed on your workstation.
- A Dockerfile or directory containing Dockerfiles.
Query a Dockerfile
To open a cnquery shell and query a Dockerfile:
cnquery shell docker file FILEPATH| For... | Substitute... |
|---|---|
| FILEPATH | The path to the Dockerfile |
For example:
cnquery shell docker file ./DockerfileTo find and query nested Dockerfiles within a directory:
cnquery shell docker file ./docker/Example queries
This query retrieves all stages in a multi-stage Dockerfile:
cnquery> dockerfile.stages
dockerfile.stages: [
0: dockerfile.stage
1: dockerfile.stage
]This query retrieves the base image for the first stage:
cnquery> dockerfile.stages[0].from
dockerfile.stages[0].from: {
image: "ubuntu"
tag: "22.04"
}This query retrieves all FROM instructions:
cnquery> dockerfile.stages { from }
dockerfile.stages: [
0: {
from: {
image: "node"
tag: "18-alpine"
}
}
1: {
from: {
image: "nginx"
tag: "alpine"
}
}
]This query retrieves all RUN instructions:
cnquery> dockerfile.stages[0].run
dockerfile.stages[0].run: [
0: "apt-get update"
1: "apt-get install -y curl"
]This query retrieves the USER instruction:
cnquery> dockerfile.stages[0].user
dockerfile.stages[0].user: {
user: "appuser"
}This query retrieves exposed ports:
cnquery> dockerfile.stages[0].expose
dockerfile.stages[0].expose: [
0: {
port: 8080
protocol: "tcp"
}
]This query retrieves environment variables:
cnquery> dockerfile.stages[0].env
dockerfile.stages[0].env: {
NODE_ENV: "production"
APP_PORT: "8080"
}This query retrieves COPY instructions:
cnquery> dockerfile.stages[0].copy
dockerfile.stages[0].copy: [
0: {
src: ["package.json"]
dst: "/app/"
}
]Exit the cnquery shell
To exit the cnquery shell, either press Ctrl + D or type exit.
Learn more
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For a list of all the Dockerfile resources and fields you can query, read the OS Resource Pack Reference.