Validate container images with confidence
Check Image is a Go-based CLI tool that validates container images against security and operational standards. Ensure your images meet requirements for age, size, security, and compliance before deployment.
$check-image age nginx:latest —max-age 30
✓Image is less than 30 days old
$check-image root-user nginx:latest
✓Image runs as non-root user
$check-image secrets myapp:v1.0
✓No secrets detected
Quick start
Get up and running with Check Image in minutes
Run your first validation
Validate an image with a simple age check:The command exits with code 0 if validation passes, or 1 if it fails.
Explore by feature
Discover what Check Image can do for your container validation workflow
Security validation
Verify images run as non-root users, scan for secrets, and validate security configurations
Policy enforcement
Define and enforce registry trust policies, required labels, and port restrictions
Size and age checks
Ensure images meet size limits, layer count constraints, and freshness requirements
Multiple image sources
Support for Docker daemon, remote registries, OCI archives, and Docker archives
CI/CD integration
Available as GitHub Action, Docker image, and standalone binary for any CI system
JSON output
Machine-readable JSON output for programmatic processing and automation
Command reference
Browse all available validation commands
age
Validate image creation date
size
Check image size and layers
registry
Verify registry trust policy
ports
Validate exposed ports
root-user
Check non-root execution
healthcheck
Verify healthcheck presence
secrets
Scan for sensitive data
entrypoint
Validate startup command
labels
Check OCI annotations
platform
Validate OS/architecture
all
Run all checks at once
version
Display version info
Ready to secure your container images?
Start validating your container images against security and operational standards in minutes.