Skip to content
All features

Dive

Layer-by-layer image efficiency analyzer.

Dive isn't a vulnerability scanner. It's a layer auditor. HarborGuard exposes Dive output as part of every scan so you can correlate vulnerable packages with the build step that introduced them — and cut image size at the same time. Smaller images mean fewer CVEs by definition.

What it scans

  • Per-layer file additions, modifications, and deletions
  • Layer efficiency score (% of bytes wasted on duplicated content)
  • Image total size and layer count

When to use it

  • Track image size regressions in CI.
  • Trace where a CVE-introducing package was added.
  • Drive base image optimization initiatives.

How HarborGuard runs Dive

01

Layer breakdown shown on the scan detail page.

02

Efficiency score surfaced as a build hygiene metric.

03

Optional per-org default — toggle in /settings/scan-defaults.

Output formats

JSON, CSV

Upstream

wagoodman/dive