How to get a list of images on docker registry v2

Asked 6/7, 2015 at 16:47 Answered 9/7, 2023 at 16:2

387

I'm using docker registry v1 and I'm interested in migrating to the newer version, v2. But I need some way to get a list of images present on registry; for example with registry v1 I can execute a GET request to http://myregistry:5000/v1/search? and the result is:

{
  "num_results": 2,
  "query": "",
  "results": [
    {
      "description": "",
      "name": "deis/router"
    },
    {
      "description": "",
      "name": "deis/database"
    }
  ]
}

But I can't find on official documentation something similar to get a list of image on registry. Anybody knows a way to do it on new version v2?

Giustino answered 6/7, 2015 at 16:47 Comment(4)

Still not enough. Need the dates of the image creation and image push, and hopefully include/suppress prior tag versions. There's got to be an actual web interface, too, right? I'm talking to our admin - we've only got 2.0 – Carranza 11/2, 2016 at 16:33

hub.docker.com seems to have a different API, e.g. to list tags of a repository: curl -sSX GET 'https://hub.docker.com/v2/repositories/library/php/tags?page_size=100'. Or you can make use of docker-hub-api. – Zollie 12/3, 2021 at 12:5

I can't believe docker cli does not have this build in :| you have already logged in via "docker login", so why not provide a command like docker images ls --in-repo=XXX – Handset 18/5, 2022 at 15:15

I'am trying to acces public hub.docker with my private repository, which i added some images on private, but it don't work, if you have any ideas – Rosenbaum 12/9, 2022 at 12:8

699

For the latest (as of 2015-07-31) version of Registry V2, you can get this image from DockerHub:

docker pull distribution/registry:master

List all repositories (effectively images):

curl -X GET https://myregistry:5000/v2/_catalog
> {"repositories":["redis","ubuntu"]}

List all tags for a repository:

curl -X GET https://myregistry:5000/v2/ubuntu/tags/list
> {"name":"ubuntu","tags":["14.04"]}

If the registry needs authentication you have to specify username and password in the curl command

curl -X GET -u <user>:<pass> https://myregistry:5000/v2/_catalog
curl -X GET -u <user>:<pass> https://myregistry:5000/v2/ubuntu/tags/list

By default the number of images is limited to 100, increase the limit with?n={new limit}, if you exceed the default value:

curl https://myregistry:5000/v2/_catalog?n=1000

Sacculate answered 31/7, 2015 at 16:4 Comment(8)

Where do you get the certificate from? – Magbie 26/1, 2017 at 9:43

@duality in case your registry is using either a self-signed certificate, or a certificate signed by an untrusted root CA, you need to supply the certificate to curl to establish a secure connection. To make an insecure connection you could add the '--insecure' flag instead. – Sacculate 26/1, 2017 at 19:10

-k, --insecure (SSL) – Karole 23/3, 2017 at 9:57

Check also which port the docker-registry is using, on the host itself. It may be mapped to 5000 internally, but on the outside, using another one. For me that was the case, as it was using 443:5000, and then the command worked with 443 instead. – Alliaceous 16/11, 2017 at 9:30

Default result only show 100 images record, but if you need to show more you can paginate the result with this query: http://<registry-url>/v2/_catalog?n=<count> with count for example 2000. – Giustino 17/4, 2018 at 14:54

If the registry is password protected, use curl -u <user>:<pass> -X GET ... – Tonry 4/3, 2019 at 10:2

No port number required for me to access azurecr.io – Orcinol 8/5, 2019 at 5:38

just use -u <user> without password on the command line; you will be prompted to type the password, invisibly – Deeann 8/3, 2023 at 12:5

122

you can search on

http://<ip/hostname>:<port>/v2/_catalog

Haggi answered 14/2, 2017 at 7:31 Comment(5)

...as of more recently I'd just like to add that https is required instead of just http – Huzzah 16/5, 2017 at 8:15

I see no such need for my recently installed Docker Registry! – Void 18/9, 2018 at 7:52

localhost:5000/v2/_catalog -- If you have been following the Deploy a registry server document. – Intracardiac 9/2, 2022 at 13:2

Website is not reachable via browser ... – Silkweed 5/5, 2022 at 14:20

Docker registry doesnt have any kind of authentication nor authorization (I suspect thats the main selling point of hub.docker) - that why you set up reverse proxy (Traefik, NGINX). And sane reverse proxy will NOT send WWW-Authenticate: Basic realm="whatever" (prompt for BASIC credentials) over http - you certainly wouldn't send name:password in cleartext over http, wouldn't you... 😆 So SSL (https) is (when you use BASIC auth) and is not (when you dont) required - but it has nothing to do with registries, but with your reverse proxy. – Buyse 31/7, 2023 at 7:24

Get catalogs

Default, registry api return 100 entries of catalog, there is the code:

When you curl the registry api:

curl --cacert domain.crt https://your.registry:5000/v2/_catalog

it equivalents with：

curl --cacert domain.crt https://your.registry:5000/v2/_catalog?n=100

This is a pagination methond.

When the sum of entries beyond 100, you can do in two ways:

First: give a bigger number

curl --cacert domain.crt https://your.registry:5000/v2/_catalog?n=2000

Second: parse the next linker url

curl --cacert domain.crt https://your.registry:5000/v2/_catalog

A link element contained in response header:

curl --cacert domain.crt https://your.registry:5000/v2/_catalog

response header:

Link: </v2/_catalog?last=pro-octopus-ws&n=100>; rel="next"

The link element have the last entry of this request, then you can request the next 'page':

curl --cacert domain.crt https://your.registry:5000/v2/_catalog?last=pro-octopus-ws

If the response header contains link element, you can do it in a loop.

Get Images

When you get the result of catalog, it like follows:

{
   "repositories": [
      "busybox",
      "ceph/mds"
   ]
}

you can get the images in every catalog:

curl --cacert domain.crt https://your.registry:5000/v2/busybox/tags/list

returns:

{"name":"busybox","tags":["latest"]}

Don answered 23/3, 2017 at 10:4 Comment(4)

100 entries defined here – Don 24/3, 2017 at 6:41

This should be the accepted answer. It is the only answer that explains how you get around the dreaded pagination. The currently accepted answer (jonatan) only shows images starting with "a". – Lorraine 15/10, 2018 at 11:34

and how would you get tags list for ceph/mds? in general, for any repository defined with / - /v2/_catalog/ceph/mdt/tags/list doesn't work – Antons 18/11, 2019 at 15:56

@Antons we can access tags list for repos containing / in their names by using /v2/ceph/mdt/tags/list i.e. by omitting _catalog (works for repos without / as well) ref: docs.docker.com/registry/spec/api/#listing-image-tags – Vinylidene 1/11, 2021 at 5:31

The latest version of Docker Registry available from https://github.com/docker/distribution supports Catalog API. (v2/_catalog). This allows for capability to search repositories

If interested, you can try docker image registry CLI I built to make it easy for using the search features in the new Docker Registry distribution (https://github.com/vivekjuneja/docker_registry_cli)

Raffinate answered 28/7, 2015 at 11:27 Comment(0)

This has been driving me crazy, but I finally put all the pieces together. As of 1/25/2015, I've confirmed that it is possible to list the images in the docker V2 registry ( exactly as @jonatan mentioned, above. )

I would up-vote that answer, if I had the rep for it.

Instead, I'll expand on the answer. Since registry V2 is made with security in mind, I think it's appropriate to include how to set it up with a self signed cert, and run the container with that cert in order that an https call can be made to it with that cert:

This is the script I actually use to start the registry:

sudo docker stop registry
sudo docker rm -v registry
sudo docker run -d \
  -p 5001:5001 \
  -p 5000:5000 \
  --restart=always \
  --name registry \
  -v /data/registry:/var/lib/registry \
  -v /root/certs:/certs \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ 
  -e REGISTRY_HTTP_DEBUG_ADDR=':5001' \
  registry:2.2.1

This may be obvious to some, but I always get mixed up with keys and certs. The file that needs to be referenced to make the call @jonaton mentions above**, is the domain.crt listed above. ( Since I put domain.crt in /root, I made a copy into the user directory where it could be accessed. )

curl --cacert ~/domain.crt https://myregistry:5000/v2/_catalog
> {"repositories":["redis","ubuntu"]}

**The command above has been changed: -X GET didn't actually work when I tried it.

Note: https://myregistry:5000 ( as above ) must match the domain given to the cert generated.

Organometallic answered 25/1, 2016 at 15:53 Comment(0)

We wrote a CLI tool for this purpose: docker-ls It allows you to browse a docker registry and supports authentication via token or basic auth.

Burne answered 3/3, 2016 at 8:49 Comment(0)

Here is a nice little one liner (uses JQ) to print out a list of Repos and associated tags.

If you dont have jq installed you can use: brew install jq

# This is my URL but you can use any
REPO_URL=10.230.47.94:443

curl -k -s -X GET https://$REPO_URL/v2/_catalog \
 | jq '.repositories[]' \
 | sort \
 | xargs -I _ curl -s -k -X GET https://$REPO_URL/v2/_/tags/list

Verge answered 27/11, 2018 at 16:7 Comment(2)

argh, I just wrote this then found yours :S but I'll keep my answer because it shows how to handle Basic auth too, and it explains why it works. Also filters the result into a flat image list. – Voile 30/1, 2019 at 9:29

Just for in case jq is not in your Linux distro, get it her stedolan.github.io/jq/download It's a very useful little tool. – Fortney 13/4, 2019 at 16:45

Install registry:2.1.1 or later (you can check the last one, here) and use GET /v2/_catalog to get list.

https://github.com/docker/distribution/blob/master/docs/spec/api.md#listing-repositories

Lista all images by Shell script example: https://gist.github.com/OndrejP/a2386d08e5308b0776c0

Porphyry answered 22/9, 2015 at 7:27 Comment(1)

You missing the revision number. Currently your link is broken. This is current valid one github.com/distribution/distribution/blob/5e75227/docs/content/… – Fearsome 29/3 at 8:23

I had to do the same here and the above works except I had to provide login details as it was a local docker repository.

It is as per the above but with supplying the username/password in the URL.

curl -k -X GET https://yourusername:yourpassword@theregistryURL/v2/_catalog

It comes back as unformatted JSON.

I piped it through the python formatter for ease of human reading, in case you would like to have it in this format.

curl -k -X GET https://yourusername:yourpassword@theregistryURL/v2/_catalog | python -m json.tool

Desdamona answered 13/9, 2018 at 5:14 Comment(0)

Here's an example that lists all tags of all images on the registry. It handles a registry configured for HTTP Basic auth too.

THE_REGISTRY=localhost:5000

# Get username:password from docker configuration. You could
# inject these some other way instead if you wanted.
CREDS=$(jq -r ".[\"auths\"][\"$THE_REGISTRY\"][\"auth\"]" .docker/config.json | base64 -d)

curl -s --user $CREDS https://$THE_REGISTRY/v2/_catalog | \
    jq -r '.["repositories"][]' | \
    xargs -I @REPO@ curl -s --user $CREDS https://$THE_REGISTRY/v2/@REPO@/tags/list | \
    jq -M '.["name"] + ":" + .["tags"][]'

Explanation:

extract username:password from .docker/config.json
make a https request to the registry to list all "repositories"
filter the json result to a flat list of repository names
for each repository name:
make a https request to the registry to list all "tags" for that "repository"
filter the stream of result json objects, printing "repository":"tag" pairs for each tag found in each repository

Voile answered 30/1, 2019 at 9:28 Comment(1)

Nice. Simple use of the API and plain old shell level tools. – Reamonn 25/5, 2021 at 19:1

I wrote an easy-to-use command line tool for listing images in various ways (like list all images, list all tags of those images, list all layers of those tags).

It also allows you to delete unused images in various ways, like delete only older tags of a single image or from all images etc. This is convenient when you are filling your registry from a CI server and want to keep only latest/stable versions.

It is written in python and does not need you to download bulky big custom registry images.

Nope answered 11/2, 2017 at 18:39 Comment(0)

Using "/v2/_catalog" and "/tags/list" endpoints you can't really list all the images. If you pushed a few different images and tagged them "latest" you can't really list the old images! You can still pull them if you refer to them using digest "docker pull ubuntu@sha256:ac13c5d2...". So the answer is - there is no way to list images you can only list tags which is not the same

Aurie answered 13/6, 2019 at 9:24 Comment(1)

Absolutely. If there are images that don't possess a single tag, and instead only possess digests e.g. ubuntu@sha256:ac13c5d2, those will be omitted from the output. If a registry contained ubuntu@sha256:ac13c5d2, alpine:latest, and postgres:15.1, Output from /v2/_catalog would read as {"repositories":["alpine","postgres"]}. – Humboldt 23/11, 2022 at 13:51

If some on get this far.

Taking what others have already said above. Here is a one-liner that puts the answer into a text file formatted, json.

curl "http://mydocker.registry.domain/v2/_catalog?n=2000" | jq . - > /tmp/registry.lst

This looks like

{
  "repositories": [
    "somerepo/somecontiner",
    "somerepo_other/someothercontiner",
 ...
  ]
}

You might need to change the `?n=xxxx' to match how many containers you have.

Next is a way to automatically remove old and unused containers.

Devorahdevore answered 19/7, 2018 at 8:51 Comment(0)

If, the accepted answer here only returns a blank line, it is likely because of your ssl/tls cert on your registry server. Use the --insecure flag:

curl --insecure https://<registryHostnameOrIP>:5000/v2/_catalog

Sigma answered 16/1, 2023 at 19:12 Comment(0)

Docker search registry v2 functionality is currently not supported at the time of this writing. See discussion since Feb 2015: "propose registry search functionality #206" https://github.com/docker/distribution/issues/206

I wrote a script, view-private-registry, that you can find: https://github.com/BradleyA/Search-docker-registry-v2-script.1.0 It is not pretty but it gets the information needed from the private registry.

Example of output from view-private-registry:

$ view-private-registry`
busybox:latest
gcr.io/google_containers/etcd:2.0.9
gcr.io/google_containers/hyperkube:v0.21.2
gcr.io/google_containers/pause:0.8.0
google/cadvisor:latest
jenkins:latest
logstash:latest
mongo:latest
nginx:latest
python:2.7
redis:latest
registry:2.1.1
stackengine/controller:latest
tomcat:7
tomcat:latest
ubuntu:14.04.2
Number of images:   16
Disk space used:    1.7G    /mnt/three/docker-registry/registry-data

Floatage answered 12/2, 2016 at 23:21 Comment(0)

This threads dates back a long time, the most recents tools that one should consider are skopeo and crane.

skopeo supports signing and has many other features, while crane is a bit more minimalistic and I found it easier to integrate with in a simple shell script.

Headmost answered 21/5, 2020 at 10:14 Comment(1)

These are great tools, especially if you have special authentication requirements (e.g. ActiveDirectory). – Placative 2/10, 2020 at 9:41

One liner bash to list all images with their tags:

curl --user user:pass https://myregistry.com/v2/_catalog | jq .repositories | sed -n 's/[ ",]//gp' | xargs -L1 -IIMAGE curl -s --user user:pass https://myregistry.com/v2/IMAGE/tags/list | jq '. as $parent | .tags[] | $parent.name + ":" + . '

Two lines to search for something in the image name:

search=my_container_part_name
curl --user user:pass https://registry.medworx.io/v2/_catalog | jq .repositories | sed -n '/'"$search"'/{s/[ ",]//gp;}' | xargs -L1 -IIMAGE curl -s --user user:pass https://registry.medworx.io/v2/IMAGE/tags/list | jq '. as $parent | .tags[] | $parent.name + ":" + . '

replace: user, pass and myregistry.com accordingly

uses curl, sed, xargs and jq and is hard to understand... but it does the job. It produces one call per image + 1.

Emmett answered 26/7, 2022 at 10:13 Comment(0)

If you can ssh or attach to the docker registry container, just browse the filesystem to look for things you want, like:

kubectl exec -it docker-registry-0 -- /bin/sh

ls /var/lib/registry/docker/registry/v2/repositories
ls /var/lib/registry/docker/registry/v2/repositories/busybox/_manifests/tags/

Campbellite answered 12/10, 2022 at 1:45 Comment(0)

Here is a simple bash script to view and explore a list of catalogs and tags in a self hosted registry. It uses the API exposed in the registry docker image. If you have jless installed it makes viewing a little bit nicer.

#!/bin/bash
REGISTRY="https://my.registry.internal:5000"

curl -s GET $REGISTRY/v2/_catalog
echo "Enter name to get tags:"
read REPO

if command -v jless &> /dev/null
then
  curl -s GET $REGISTRY/v2/$REPO/tags/list | jless
else
  curl -s GET $REGISTRY/v2/$REPO/tags/list
fi

Misgovern answered 9/7, 2023 at 16:2 Comment(0)

Since each registry runs as a container the container ID has an associated log file ID-json.log this log file contains the vars.name=[image] and vars.reference=[tag]. A script can be used to extrapolate and print these. This is perhaps one method to list images pushed to registry V2-2.0.1.

Dulcy answered 4/8, 2015 at 15:24 Comment(0)

If your use-case is identifying only SIGNED and TRUSTED images for production, then this method is handy.

It parses a docker image repo for all SIGNED tags and strips away all the JSON formatting, puking-out only clean image tags. Which of course can be processed further according to your requirements.

Format of Command:

docker trust inspect imageName | grep "SignedTag" | awk -F'"' '{print $4}'

Examples using the nginx & Bitnami Docker repos:

docker trust inspect nginx | grep "SignedTag" | awk -F'"' '{print $4}'

docker trust inspect bitnami/java | grep "SignedTag" | awk -F'"' '{print $4}'

If there are no signed images then No signatures or cannot access imageName will be returned.

Example of a repo WITHOUT signed images (at the time of this writing) using the Wordpress Docker repo:

docker trust inspect wordpress | grep "SignedTag" | awk -F'"' '{print $4}'

Galenic answered 16/12, 2021 at 18:7 Comment(0)

If you want a nice web interface to your registry you can use this registry-browser docker image. This is useful if you just want to look around your registry, different repositories and tags.

Welles answered 6/7, 2022 at 18:31 Comment(1)

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. – Communard 12/7, 2022 at 18:14

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Get catalogs

Get Images

Recommended topics

Hot tags