🏷️ Who Built This Image? When? Why?
Image tags tell version. But who built it? Git commit? Labels add metadata. Filter images by label. Audit trail built-in.
📝 Add Labels in Dockerfile
FROM node:18-alpine
LABEL maintainer="team@example.com"
LABEL version="1.2.3"
LABEL build-date="2024-01-15"
LABEL git-commit="a1b2c3d"
LABEL description="API service for user management"
LABEL org.opencontainers.image.source="https://github.com/example/repo"
LABEL org.opencontainers.image.licenses="MIT"
# Multi-line labels
LABEL security.scanned="true" \
security.vulnerabilities="0" \
compliance.hipaa="compliant"
🔧 Inspect and Filter Labels
# Inspect label
docker inspect myapp:latest | grep -A 10 Labels
# Filter images by label
docker images --filter label=maintainer=team@example.com
docker images --filter label=version=1.2.3
docker images --filter label=security.scanned=true
# Build with label from CLI
docker build --label "build.user=$(whoami)" --label "build.time=$(date)" -t myapp .
# Compose labels
version: '3.8'
services:
app:
image: myapp
labels:
- "com.example.environment=production"
- "com.example.department=engineering"
💡 Use Cases
- CI/CD: Add build ID, commit SHA, branch name
- Security: Mark scanned images, CVE status
- Compliance: PCI, HIPAA, GDPR flags
- Cleanup: Delete old images by build-date label
“Security audit asked: which images have been scanned? Used labels. docker images –filter label=scanned=true. Answered in 5 seconds. Labels saved the audit.”