Nibbler 1.10.0

.NET 6.0
There is a newer prerelease version of this package available.
See the version list below for details.
dotnet tool install --global Nibbler --version 1.10.0
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local Nibbler --version 1.10.0
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=Nibbler&version=1.10.0
nuke :add-package Nibbler --version 1.10.0


NuGet (Nibbler)

Nibbler is a tool for doing simple changes to OCI images, often called docker images. It is publised as a dotnet tool and as an executable where dotnet sdk is not installed.

The tool reads image meta data from a registry, makes changes to meta data and can add folders as new layers in the image. It can not read image layers or execute anything inside the image.

Typical use case is adding build artifacts to create a new image from a existing base image created with another tool. It does not need root or any other privileges, so is well suited for running in a Kubernetes pod.


Nibbler is kind of stable, it is used by some organizations in production pipelines. Error handling and messages could be better. The test set is limited, especially around authentication methods with different image registries.

Why Nibbler

Why use Nibbler instead of other tools?

Nibbler was created because no tool could do simple changes to images in a secure environemnt.

Solutions based on Dockerfile (like docker, Kaniko and partly Builda) are built around the Dockerfile and running operations inside the container that is being built. When running on a build server this functionality is not needed, the artifacts are already created and only need to be copied into a new layer in the image. Nibbler is inspired by tools like Jib. But its less opinionated and lets the user decide how to create the image. Bazel might be a alternative, but does a lot more than just creating images.

Nibbler was created for building dotnet images, as such it is publised as as a dotnet cli tool. But its also made available an executable. Nibbler is language agnostic, and can be used for creating images for other platforms, like node and go.


$ dotnet tool install --global Nibbler
$ nibbler --help
Nibbler v1.x.x
Do simple changes to OCI images

Usage: nibbler [options]

  -?|-h|--help            Show help information.
  --from-image            Set from image (required)
  --from-insecure         Insecure from registry (http)
  --from-skip-tls-verify  Skip verifying from registry TLS certificate
  --from-username         From registry username
  --from-password         From registry password
  --to-image              To image (required)
  --to-insecure           Insecure to registry (http)
  --to-skip-tls-verify    Skip verifying to registry TLS certificate
  --to-username           To registry username
  --to-password           To registry password
  --from-file             Read from image from file (alternative to --from-image)
  --to-file               Write image to file (alternative to --to-image)
  --add                   Add contents of a folder to the image 'sourceFolder:destFolder[:ownerId:groupId:permissions]'
  --addFolder             Add a folder to the image 'destFolder[:ownerId:groupId:permissions]'
  --non-reproducible      Don't produce a reproducible image
  --ignore-file           Use ignore file, optionally specify file (default: '.dockerignore')
  --label                 Add label to the image 'name=value'
  --env                   Add a environment variable to the image 'name=value'
  --git-labels            Add common git labels to image, optionally define the path to the git repo.
  --git-labels-prefix     Specify the prefix of the git labels. (default: 'nibbler.git')
  --workdir               Set the working directory in the image
  --user                  Set the user in the image
  --cmd                   Set the image cmd
  --entrypoint            Set the image entrypoint
  -v|--debug              Verbose output
  --trace                 Trace log. INSECURE! Exposes authentication headers
  --dry-run               Does not push, only shows what would happen (use with -v)
  --docker-config         Specify docker config file for authentication with registry. (default: ~/.docker/config.json)
  --insecure              Insecure registry (http). Only use if base image and destination is the same registry.
  --skip-tls-verify       Skip verifying registry TLS certificate. Only use if base image and destination is the same
  --temp-folder           Set temp folder (default: ./.nibbler)
  --digest-file           Output image digest to file, optionally specify file

Example build script

dotnet publish -o $PWD/artifacts
nibbler \
	--from-image \
	--to-image  \
	--add "artifacts:/app" \
	--workdir /app \
	--entrypoint "dotnet MyApp.dll" 


Work arounds

For Docker Hub use "" as registry. If using a library image, remember to include "library" in the url. If credentials for "" isn't found in docker config, Nibbler will fallback on "" as source for credentials.

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
1.11.0-alpha.2 57 9/25/2023
1.11.0-alpha.1 63 9/23/2023
1.10.0 332 6/17/2023
1.10.0-beta 121 6/14/2023
1.9.0 154 4/12/2023
1.8.2 441 9/29/2022
1.8.1 511 2/1/2022
1.8.0 259 12/7/2021
1.8.0-beta.7 150 11/18/2021
1.8.0-beta.6 134 11/9/2021
1.8.0-beta.5 131 11/8/2021
1.8.0-beta.4 143 11/8/2021
1.8.0-beta.3 133 11/8/2021
1.8.0-beta.2 154 11/8/2021
1.8.0-beta.1 162 5/13/2021
1.7.0 299 5/11/2021
1.6.1 423 11/10/2020
1.6.0 444 10/3/2020
1.6.0-beta.1 219 9/29/2020
1.6.0-alpha.1 249 9/21/2020
1.5.0-alpha.2 284 9/13/2020
1.4.0 592 8/6/2020
1.3.0 399 8/6/2020
1.2.0 477 6/1/2020
1.1.0-beta.2 256 5/4/2020
1.1.0-beta.1 330 3/1/2020
1.0.0-rc.5 267 2/25/2020
1.0.0-rc.4 270 2/24/2020
1.0.0-rc.3 366 2/13/2020
1.0.0-rc.2 559 1/30/2020
1.0.0-rc.1 279 1/21/2020