Optimize and reduce the size of Docker Container Image using DockerSlim

Posted on 75 views

DockerSlim is an open-source tool that allows you to secure and minify your docker containers up to 30 times! Now, let’s first of all get to know what advantages come along with minifying containers.

  1. Your containers will be lightweight hence starting faster
  2. Upgrades will also be faster
  3. The smaller the container the the less the bugs and security threats.
  4. You will minimize on storage usage for your systems.

This article will cover how to install DockerSlim and how to use it to slim other containers in your docker environment.

How To Install DockerSlim on Linux | macOS

Head over to DockerSlim GitHub repository under ‘Installation’ and download the latest binaries for your system. DockerSlim currently can run on Linux and UNIX systems only(including Mac).

Install DockerSlim on Linux

Choose “Latest Linux Binaries” to download the binaries for a Linux system using wget command.

wget https://downloads.dockerslim.com/releases/1.37.3/dist_linux.tar.gz

Extract the binary file from the .tar.gz file.

tar -xvzf dist_linux.tar.gz

Move the extracted binary files to /usr/local/bin.

sudo mv dist_linux/* /usr/local/bin

Install DockerSlim on macOS

Download archive file containing DockerSlim

wget https://downloads.dockerslim.com/releases/1.37.3/dist_mac.zip

Extract the file using unzip

unzip dist_mac.zip

Move the extracted binary files to /usr/local/bin.

mv dist_mac/* /usr/local/bin

Confirm that the binary files are recognized by your system using which command.


With the installation ready, we can now use it to manage our docker containers. You need to have Docker Container Engine installed on your system. Follow the guide How To Install Docker CE on Linux Systems to get you up to speed with a Docker environment.

Use DockerSlim To Minify and Optimize Docker Containers

DockerSlim has an interactive shell that you can use to slim and secure your containers.

You can open DockerSlim shell by typing docker-slim on you terminal.


The basic commands for dockerslim include:

  • Build – Analyzes, profiles and optimizes your container image then generates the supported security profiles.
  • xray – Used to perform a static analysis of a container image, you can use this command if you want to see what makes the container fat.
  • lint – Used to analyse container instructions in a DockerFile.
  • profile – Used to perform an analysis of the container image without generating an optimized image.

There are other options that are used alongside the above commands e.g:

--target – Target DockerFile or image

--target-type – explicitly specify the command target type if it is an image or dockerfile

--http-probe – Enables http probing

You can check out many other examples from the DockerSlim GitHub repository here

Let’s run through some examples

Build optimized Nginx image

For you to build an optimized image, you first need to download the image:

$ docker pull nginx:latest

We can check the size of the downloaded image by the command below:

$ docker images nginx:latest
nginx        latest    519e12e2a84a   2 hours ago   133MB

Now we can build an optimized image with the command below

$ docker-slim build --target nginx:latest

Sample output:

cmd=build info=event message='HTTP probe is done'
cmd=build state=container.inspection.finishing
cmd=build state=container.inspection.artifact.processing
cmd=build state=container.inspection.done
cmd=build state=building message='building optimized image'
cmd=build state=completed
cmd=build info=results status='MINIFIED BY 12.00X [133108601 (133 MB) => 11089969 (11 MB)]'
cmd=build info=results  image.name=nginx.slim image.size='11 MB' data=true
cmd=build info=results  artifacts.location='/tmp/docker-slim-state/.docker-slim-state/images/519e12e2a84a9eb18094635ae1edfd97b26f95dbc66e317eefb657a1cb08c8dc/artifacts'
cmd=build info=results  artifacts.report=creport.json
cmd=build info=results  artifacts.dockerfile.original=Dockerfile.fat
cmd=build info=results  artifacts.dockerfile.new=Dockerfile
cmd=build info=results  artifacts.seccomp=nginx-seccomp.json
cmd=build info=results  artifacts.apparmor=nginx-apparmor-profile
cmd=build state=done
cmd=build info=commands message='use the xray command to learn more about the optimize image'

The output above states that the image has been reduced from 133MB to 11MB. This is a whooping 12X size.

We can confirm this by checking the size of the new image:

$ docker images nginx.slim


$ docker images nginx.slim
nginx.slim   latest    98bc8a53012f   3 minutes ago   11.1MB

Now we can create a container from the new image and see if it can properly function as the original image.

$ docker run -it -d --name slim-webserver -p 86:80 nginx.slim

In the above command, we have started a container in detached mode (-d) whose name is slim-webserver and exposed port 80 of the container to port 86 of the host. We have also used nginx.slim as the image.

You can check the status of the container using the docker ps -a command.

[email protected]:~# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS               PORTS                NAMES
7d29874994ee   nginx.slim     "/docker-entrypoint.…"   3 minutes ago   Up 3 minutes>80/tcp   slim-webserver

We can access the webserver on port 86 of the host.


This confirms that we have been able to minify Nginx image from 133MB to 11MB and created a working container out of it. Long live DockerSlim!


Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.