OpenLume
Sign in

Dockerfile Visualizer

100% in your browser·No upload·No LLM·Works offline

Paste any Dockerfile and see stages, layers and what each instruction does with a plain-English walkthrough. Your code is parsed locally; it never touches our servers.

Ask any DevOps question, get a 5-min video→
Loading…

How the Dockerfile Visualizer works

Three steps, no install, no Docker daemon needed. Everything runs in your browser. This tool sits inside our broader DevOps engineer roadmap: a free, structured path through containers, CI/CD, Kubernetes, observability, and the topics every Dockerfile author eventually meets.

  1. Step 1

    Paste your Dockerfile

    Drop any Dockerfile into the editor. It works on single-stage hello-worlds, multi-stage builds, BuildKit-only files, and the long-tail of legacy ADD/MAINTAINER quirks.

  2. Step 2

    See the stages and instructions

    Stages and COPY --from edges lay out automatically; every instruction is grouped under its stage with a syntax-coloured preview. Click any row to jump to the source line.

  3. Step 3

    Read the walkthrough

    A plain-English narrative on the right explains what each stage does, what becomes a layer, and which sharp edges the build is sitting on — with one-line fixes per finding.

Supported Dockerfile features

First-class understanding of every part of the Dockerfile surface most teams actually use — including BuildKit.

Stages & images

  • · Multi-stage builds with `AS <name>`
  • · `FROM scratch` and `FROM <stageName>`
  • · Registry / image / tag / digest parsing
  • · Floating-tag vs pinned-SHA detection
  • · `--platform=` flag on FROM

Build instructions

  • · `RUN` shell form and JSON exec form
  • · `COPY` and `ADD` with `--from`, `--chown`, `--chmod`
  • · BuildKit flags: `--mount=type=cache|secret|bind`
  • · `ARG` (global and per-stage) with defaults
  • · Heredoc bodies inside `RUN`

Runtime config

  • · `CMD` and `ENTRYPOINT` (both forms)
  • · `USER` with optional group
  • · `WORKDIR`
  • · `EXPOSE` with TCP/UDP protocol
  • · `HEALTHCHECK` with all flags + NONE
  • · `STOPSIGNAL`, `VOLUME`, `SHELL`

Metadata

  • · `LABEL` key=value pairs
  • · `ENV` declarations
  • · `MAINTAINER` (deprecation flagged)
  • · Parser directives: `# syntax=`, `# escape=`
  • · `ONBUILD` wrappers

Cross-stage graph

  • · Sequence edges between adjacent stages
  • · `COPY --from=<stage>` edges
  • · `COPY --from=<image>` external-image refs
  • · Stage-name resolution and typo detection

Source mapping

  • · 1-based line numbers per instruction
  • · Multi-line continuations collapsed correctly
  • · Click any row → highlight the lines
  • · Cursor in the editor → select the instruction

17 things we'll point out for you

Friendly heads-ups about security, reliability, image size, and common gotchas. Each one comes with a plain-English explanation, a one-line fix, and a link to the exact source line.

Security5 rules
  • · Container runs as root (no `USER` directive)
  • · `curl … | sh` inside a RUN — supply-chain footgun
  • · Secret-shaped names in `ENV` (will end up in the image)
  • · `ARG SECRET=` or token-like ARG defaults
  • · `ADD http(s)://…` downloading remote tarballs
Reliability4 rules
  • · No `HEALTHCHECK` on the final stage
  • · Legacy shell form for `CMD` / `ENTRYPOINT` (PID 1 signal handling)
  • · `WORKDIR` with a relative path
  • · `RUN cd …` instead of using `WORKDIR`
Efficiency6 rules
  • · Floating base-image tag (`node:20`) — not reproducible
  • · No digest pin on base image
  • · Separate `apt-get update` and `apt-get install` (cache-bust bug)
  • · Missing `rm -rf /var/lib/apt/lists/*` after install
  • · `COPY .` before package-manifest copy — busts dep cache
  • · Multiple consecutive `RUN`s that could merge
Best practice2 rules
  • · `ADD` used where `COPY` would do
  • · `MAINTAINER` (deprecated — use `LABEL`)

Frequently asked questions

Is the Dockerfile Visualizer really free?

▾

Yes — there is no signup, no payment, and no rate limit. The tool is fully client-side: your browser parses the Dockerfile, lays out the stages, and runs the lint checks. OpenLume never sees your Dockerfile.

Does my Dockerfile get uploaded anywhere?

▾

No. Parsing, layout, and validation all run in your browser using regular JavaScript — no fetch calls, no telemetry on your Dockerfile, and the page works offline once it has been loaded.

Which Dockerfile features are supported?

▾

All 18 instructions (FROM, RUN, CMD, LABEL, MAINTAINER, EXPOSE, ENV, ADD, COPY, ENTRYPOINT, VOLUME, USER, WORKDIR, ARG, ONBUILD, STOPSIGNAL, HEALTHCHECK, SHELL), parser directives (`# syntax=`, `# escape=`), multi-stage builds with `AS <name>` and `COPY --from`, BuildKit flags on RUN (`--mount=type=cache|secret|bind`, `--network`, `--security`), both shell and JSON exec forms for RUN/CMD/ENTRYPOINT, and the line-continuation / heredoc syntax used in real-world Dockerfiles.

Can it visualize multi-stage builds?

▾

Yes — that’s where the tool earns its keep. Each `FROM … AS <name>` becomes its own card; every `COPY --from=<stage>` draws an edge between the source and target stages so you can see at a glance which artefacts cross stage boundaries. Sequence edges between adjacent stages are drawn dashed so they’re visually distinct from real artefact transfers.

Does it actually check my Dockerfile for problems?

▾

Yes — there are 17 built-in rules covering security (running as root, `curl | sh`, secret-shaped env/arg keys, `ADD` from URL), efficiency (floating tags, missing digest pins, apt-get cache-bust order, missing `rm -rf /var/lib/apt/lists/*`, consecutive RUNs), reliability (missing HEALTHCHECK, legacy CMD/ENTRYPOINT shell form, relative WORKDIR, `RUN cd …`), and deprecation (MAINTAINER, ADD vs COPY). Each finding comes with a plain-English explanation, a one-line fix, and a link to the exact source line.

How is this different from `docker build` output or hadolint?

▾

Hadolint is a great CLI linter; this tool is closer to a graph + walkthrough you can hand to someone learning your repo. The visualizer shows multi-stage relationships visually, explains what each instruction does in plain English, and turns every finding into a "watch a 5-minute explainer" link — so it’s as useful for understanding an unfamiliar Dockerfile as it is for cleaning one up.

Stuck on a Docker concept?

Ask any question and get a 5-minute explainer video, personalised to your level. Free, no credit card.

Also free, also 100% in your browser

Got a GitHub Actions workflow or Kubernetes manifest? Our GitHub Actions Visualizer and Kubernetes YAML Visualizer apply the same graph + narrative + lint treatment.

Stop guessing what your Dockerfile does. Watch it explained.

OpenLume turns any DevOps question into a personalised 5-minute video. Docker, Kubernetes, GitHub Actions, networking, anything.

Get my first explainer free→

Free · No credit card required

OpenLume
Get instant, personalized explainer videos for any tech topic.
Products
  • OpenLume
Tools
  • Kubernetes YAML Visualizer
  • GitHub Actions Visualizer
  • Dockerfile Visualizer
Roadmaps
  • All roadmaps
  • DevOps / Platform Engineer
  • Frontend Developer
  • Backend Developer
  • Full-Stack Developer
Resources
  • How it works?
  • FAQs
Company
  • Contact us
  • Privacy Policy
  • Terms of Use

Copyright © 2026 OpenLume. All rights reserved.