Free Online Dev Tool
Paste docker inspect output for two images to instantly compare layers, size, ENV variables, exposed ports, and configuration. No CLI installation, no Docker daemon, no login required.
docker inspect returns the full configuration metadata of any Docker image as JSON — size, layer digests, environment variables, exposed ports, architecture, entry point, and more. It's the most complete source of image metadata available without pulling the full image filesystem.
To get the inspect output for both images, run these commands in your terminal:
[{ and ends with }]. Both the array format and single object format are supported.
Docker images are built as a stack of read-only layers. Each instruction in a Dockerfile — FROM, RUN, COPY, ADD — creates a new layer identified by its SHA256 content hash. When you compare two Docker images, the layer diff reveals exactly what changed between them.
Shared layers (identical SHA256 digests in both images) are the foundation both images have in common — usually the base OS image and commonly used dependencies. Docker stores shared layers once on disk and reuses them across images, saving space. When you pull an updated image, only the non-shared layers need to be downloaded.
Divergent layers — layers present in one image but not the other — represent actual changes. If Image B has three new layers compared to Image A, those three layers contain the files, packages, or configuration changes that were added. More divergent layers generally means a more significant change, and potentially more surface area for new vulnerabilities.
This tool shows the full layer list for each image, highlights shared layers in green, and flags layers unique to each image separately — giving you an instant visual of how much two images differ at the filesystem level.
Three Docker commands are commonly used to understand image and container differences. They answer different questions and operate at different levels:
| Command | What it shows | Requires | Best for |
|---|---|---|---|
| docker inspect | Full image config: size, layers, ENV, ports, CMD, architecture | Image pulled locally | Comparing two images side by side |
| docker diff | Filesystem changes in a running container vs its base image | Running container | Seeing what a running container changed on disk |
| docker history | Build history: each layer's command, size, and creation time | Image pulled locally | Understanding what Dockerfile instructions created each layer |
| docker scout compare | CVE changes and package differences between two image versions | Docker Scout enabled + account | Security-focused comparison with live CVE database |
| This tool | Structured diff of docker inspect JSON for two images | Just the JSON output | Quick side-by-side compare, no CLI setup |
For a comprehensive comparison, use all three: docker inspect for config metadata, docker history for build layers, and this tool to visualize the inspect diff without manual JSON parsing.
Image size directly affects pull time, storage costs, and attack surface. A smaller image has fewer packages, fewer potential CVE vectors, and downloads faster in CI/CD and Kubernetes. Comparing image size before deploying a new version helps catch unexpected size regressions early.
The Size field in docker inspect output gives the exact uncompressed size in bytes. VirtualSize includes shared layers — layers that are reused from other images on the same host. The difference between the two tells you how much is unique vs shared.
This tool extracts the size from both inspect JSON objects and renders a visual comparison bar — showing which image is larger, by how much in MB or GB, and the percentage difference. Paste both inspect outputs to see the size diff instantly.
Verify that only expected changes are present in the new image version. Catch unexpected ENV additions, new exposed ports, or base image changes before they reach production.
Validate that upgrading from Node 14 to Node 20 changed the expected layers and didn't introduce new ENV variables or configuration drift you weren't aware of.
Check if a new image introduced new exposed ports, changed the USER setting to root, or added suspicious ENV variables with credential patterns.
Compare image sizes before and after applying optimizations — multi-stage builds, Alpine migration, layer consolidation — to measure the actual reduction.
Compare a newly built image against your golden image to detect unexpected configuration drift introduced by a Dockerfile change or dependency update.
When a container works in staging but fails in production, compare the inspect output of both environment images to find configuration discrepancies.
Several tools exist for comparing Docker images — each operates at a different level and requires different setup. This tool is the only browser-based option that requires no installation and works with plain docker inspect output.
| Tool | This Tool | docker scout compare | container-diff |
|---|---|---|---|
| Requires install | ✓ No install | ✗ Docker + Scout CLI | ✗ CLI binary |
| Requires Docker daemon | ✓ No daemon | ✗ Required | ✗ Required |
| Login / account | ✓ No account | ✗ Docker account | ✓ No account |
| Config & metadata diff | ✓ Full diff | ✓ Yes | ✓ Yes |
| CVE / package diff | ✗ Not available | ✓ Full CVE diff | ✓ Package diff |
| Visual side-by-side | ✓ Browser UI | — CLI output | — CLI output |
| Free | ✓ Always free | — Free tier | ✓ Open source |
Need CVE-level package diffs? Use docker scout compare or container-diff. Need a fast visual config and metadata comparison with no setup? This tool is faster for that use case.
Common questions from developers trying to diff Docker images — the kind of discussions you'd find on Stack Overflow, Reddit r/docker, and DevOps forums.
How do I see what changed between two versions of a Docker image?
The most practical approach combines three commands: (1) docker inspect IMAGE_A IMAGE_B to compare config metadata — ENV, ports, USER, working directory. (2) docker history IMAGE_A and docker history IMAGE_B to see the build layers and which Dockerfile instructions created them. (3) For filesystem-level changes on a running container: docker diff CONTAINER_ID. Paste both inspect outputs into this tool to skip the manual JSON parsing.
What does "layer" mean when comparing Docker images, and why does it matter?
Each Dockerfile instruction that modifies the filesystem (FROM, RUN, COPY, ADD) creates a new read-only layer identified by a SHA256 hash of its contents. When you compare two images by their layer hashes, identical hashes mean identical content — those layers don't need to be re-downloaded or rebuilt. The number of unique (non-shared) layers between two versions tells you how much actually changed. One new layer might mean a small config file update; five new layers after a base image upgrade means more substantial changes.
My two images have the same ENV variables but different values — will this tool show that?
Yes. The ENV diff section shows all environment variables from both images in a table. Variables with the same key but different values are flagged as "changed" in red. Variables that exist in only one image are flagged as "A only" or "B only". This is useful for catching cases where a NODE_VERSION or APP_ENV value was inadvertently changed between image builds.
Is there a way to compare Docker images without pulling them?
If you have docker inspect JSON from a previous build saved (for example, in a CI/CD artifact), you can paste it here without pulling the image. For images you haven't pulled, you need to pull them first to run docker inspect. Docker Hub's API can also return some metadata without a full pull — but that requires API calls and authentication. The inspect-based approach covered by this tool is the most straightforward for images you have locally.
How do I find which Docker image version is smaller — the old one or the new one?
Run docker images myapp to see all tags and their sizes. For a more precise comparison in bytes, run docker inspect IMAGE --format='{{.Size}}' for each version. This tool renders a visual size bar for both images when you paste both inspect outputs — you can see the exact size, the difference in MB, and the percentage change at a glance.
Can I compare images from different architectures (amd64 vs arm64)?
Yes. The Architecture field in docker inspect output is compared directly in the configuration diff section. If Image A is amd64 and Image B is arm64, that difference will be flagged. This is useful when validating that your CI/CD pipeline built the correct architecture for your target deployment environment.
docker inspect IMAGE_A and docker inspect IMAGE_B in your terminal. Copy the JSON output for each and paste them into the two panels above. Click Compare Images for a structured side-by-side diff of all metadata fields.docker diff shows filesystem changes (files added, modified, deleted) in a running container relative to its image. docker inspect returns configuration metadata — size, layers, ENV variables, exposed ports, and architecture — for an image or container. For comparing two images side by side, docker inspect is the right tool.docker scout compare is a CLI command that compares two images for CVE and package-level changes — it requires Docker Scout enabled and a Docker account. This tool is a browser-based alternative that compares configuration metadata from docker inspect output, with no installation, no account, and no Docker daemon required.RootFS.Layers array in docker inspect output, each as a SHA256 digest. This tool compares both layer lists and categorizes them: shared layers (same digest in both), layers only in Image A, and layers only in Image B.docker inspect on each, this tool compares them regardless of which registry they came from — Docker Hub, ECR, GCR, GHCR, or a private registry.