fatma-hashem/docker-drift

🐳 Docker Drift

Detect and report drift between running Docker containers and their original images.
Drift occurs when files, packages, or configurations inside a container are changed without updating the Dockerfile.


Features

  • File system change detection (docker diff)
  • Package difference checking
  • Multiple output formats (Markdown / JSON)
  • CI/CD-friendly exit codes for automation

Why Docker Drift?

In DevOps and production environments, containers often drift when:

  • Packages are manually installed inside running containers
  • Configurations are updated without changing the image
  • Security patches are applied directly in containers

This leads to:

  • ❌ Inconsistent environments
  • ❌ Security vulnerabilities
  • ❌ Hard-to-reproduce bugs

Docker Drift helps catch those issues early.


Installation

Clone the repo and make the script executable:

git clone https://github.com/<your-username>/docker-drift.git
cd docker-drift
chmod +x dockerdrift.sh

Step-by-Step Example

  1. Start a container to test drift:

docker run -d --name my-test-container ubuntu sleep 60

  2. Install a package manually inside the container to simulate drift:

docker exec my-test-container apt-get update
docker exec my-test-container apt-get install -y curl

  3. Run Docker Drift:

./dockerdrift.sh my-test-container

Example output:

Scanning container: my-test-container

Filesystem Drift:
C /etc/apt/sources.list
A /usr/bin/curl

Package Drift:
Added:
curl 8.2.1-1ubuntu3

HTML Report

After running drift.sh, an HTML report (drift-report.html) will be generated automatically in the same folder.
The report shows:

  • Filesystem drift (Added / Changed / Deleted files)
  • Package drift (Added / Removed packages)
  • Summary counts

To open the HTML report, run the command for your OS:

Linux

xdg-open drift-report.html

macOS

open drift-report.html

Windows (Git Bash / WSL)

explorer drift-report.html

Any OS (manual)

Open your browser and navigate to file:///path/to/drift-report.html.

Run in CI/CD

  1. Push a change to your repo (or open a pull request).
  2. GitHub Actions will automatically run drift.sh and report drift in the workflow logs.
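
The following is an added example, not Docker Drift's own code: one way a CI job could turn `docker diff` output and two package listings into a pass/fail exit code. The function names, the allowlisted prefixes, the rule that drops parent-directory "C" entries, and the sample data are all assumptions made for illustration.

```sh
# Added example, not Docker Drift's code. ALLOW_PREFIXES are assumed "expected
# churn" paths; anything allowlisted is hidden from review, so keep it short.
ALLOW_PREFIXES="/tmp/ /run/ /var/lib/apt/lists/ /var/cache/apt/"

# fs_drift: filter `docker diff` lines ("A|C|D <path>") read from stdin.
fs_drift() {
  awk -v allow="$ALLOW_PREFIXES" '
    /^[ACD] / { kind[++n] = substr($0, 1, 1); path[n] = substr($0, 3) }
    END {
      m = split(allow, pre, " ")
      for (i = 1; i <= n; i++) {
        skip = 0
        for (j = 1; j <= m; j++) if (index(path[i] "/", pre[j]) == 1) skip = 1
        # A "C" directory that merely contains another listed entry is noise.
        if (kind[i] == "C")
          for (j = 1; j <= n; j++) if (index(path[j], path[i] "/") == 1) skip = 1
        if (!skip) print kind[i] " " path[i]
      }
    }'
}

# pkg_drift IMAGE_LIST CONTAINER_LIST: each list holds "name version" lines,
# e.g. captured with dpkg-query -W. A version bump shows as Removed + Added.
pkg_drift() {
  { printf '%s\n' "$1" | sed 's/^/I /'; printf '%s\n' "$2" | sed 's/^/C /'; } |
  awk 'NF != 3 { next }
       { key = $2 " " $3 }
       $1 == "I" { img[key] = 1; next }
       { cur[key] = 1 }
       END { for (k in cur) if (!(k in img)) print "Added: " k
             for (k in img) if (!(k in cur)) print "Removed: " k }' | sort
}

# check_drift DIFF IMAGE_LIST CONTAINER_LIST: returns 0 when clean, 1 on drift.
check_drift() {
  fs=$(printf '%s\n' "$1" | fs_drift)
  pkgs=$(pkg_drift "$2" "$3")
  if [ -z "$fs" ] && [ -z "$pkgs" ]; then return 0; fi
  printf 'Filesystem Drift:\n%s\nPackage Drift:\n%s\n' "$fs" "$pkgs"
  return 1
}

# Constructed sample input (not real tool output).
SAMPLE_DIFF=$(printf '%s\n' 'C /etc' 'C /etc/apt' 'C /etc/apt/sources.list' \
  'C /usr' 'C /usr/bin' 'A /usr/bin/curl' 'C /var' 'C /var/lib/apt/lists' \
  'A /var/lib/apt/lists/lock' 'C /tmp' 'A /tmp/build.log')
SAMPLE_IMAGE_PKGS='bash 5.2.15-2ubuntu1'
SAMPLE_CONTAINER_PKGS=$(printf '%s\n' 'bash 5.2.15-2ubuntu1' 'curl 8.2.1-1ubuntu3')
check_drift "$SAMPLE_DIFF" "$SAMPLE_IMAGE_PKGS" "$SAMPLE_CONTAINER_PKGS" || echo "drift: fail the job"
```

In a real job the three arguments would come from `docker diff <container>` and from package listings taken in the image and in the container.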

Note on Testing Containers

During testing (for example, in the Step-by-Step Example and GitHub Actions), we sometimes compare two running containers instead of a container and its original image. This is for demonstration purposes: one container simulates the “original” image, while the other is modified to show how drift is detected. In practice, Docker Drift compares a container to its original image to detect filesystem or package changes.

About

Detect and track drift between Docker containers and their base images.
