Skopeo — Registry-Agnostic Container Image Toolkit
Skopeo inspects, copies, signs, and deletes container images across registries without a daemon — the Swiss Army knife for OCI image plumbing in CI pipelines.
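Agent-installable
This asset is installable; the agent first selects the current runtime, checks the install plan, then runs the matching command.
npx -y tokrepo@latest install 842a75aa-3908-11f1-9bc6-00163e2b0d79 --target codex
Dry-run first to confirm the install plan, then run this command.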
What it is
Skopeo is a command-line utility for performing operations on container images and image registries. It can inspect, copy, sign, and delete images across any OCI-compliant or Docker registry without requiring a running Docker daemon. Skopeo is part of the Red Hat containers ecosystem alongside Podman, Buildah, and CRI-O.
DevOps engineers, CI pipeline authors, and platform teams who need to mirror, audit, or transfer container images across registries will find Skopeo essential. It supports multiple transports including Docker registries, OCI layouts, OCI archives, and local directories.
How it saves time or tokens
Traditional image mirroring requires pulling an image to a local Docker daemon and then pushing it to a destination registry. Skopeo performs registry-to-registry copies directly, skipping the local storage layer entirely. This eliminates disk I/O overhead and reduces pipeline execution time. For air-gapped environments, skopeo sync can mirror entire repositories in a single command rather than scripting individual pull-tag-push sequences.
How to use
- Install Skopeo via your package manager (brew install skopeo on macOS, apt install skopeo on Debian/Ubuntu)
- Inspect a remote image to check its manifest and layers:
skopeo inspect docker://alpine:latest
- Copy images between registries without a local daemon:
skopeo copy docker://quay.io/prometheus/prometheus:latest \
docker://registry.example.com/prom/prometheus:latest
- Mirror a full repository for air-gapped deployments:
skopeo sync --src docker --dest dir registry.io/myorg/myapp /local/mirror/
Example
# Inspect image metadata without pulling
skopeo inspect docker://nginx:1.25 | jq '.Digest, .Architecture'
# Copy to an OCI layout for offline transfer
skopeo copy docker://postgres:16 oci:./oci-layout:postgres:16
# List all tags in a remote repository
skopeo list-tags docker://docker.io/library/python
# Sign an image on copy with a GPG key (--sign-by takes a GPG key identity, not a cosign key)
skopeo copy --sign-by key@example.com \
docker://src-registry.io/app:v1 \
docker://dst-registry.io/app:v1
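The copy commands above address the source by tag (:latest, :v1). As an added example (not from the Skopeo project or this page), the helper below takes skopeo inspect output, validates the digest it reports, and builds a copy command that addresses the source by that digest. The function names and the sample digest are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Skopeo project): pin a registry-to-registry copy
# to the digest that `skopeo inspect` reported for the tag.

# Constructed sample: a trimmed `skopeo inspect` result with a made-up digest.
SAMPLE_DIGEST="sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
SAMPLE_INSPECT='{
    "Name": "quay.io/prometheus/prometheus",
    "Digest": "'"$SAMPLE_DIGEST"'",
    "Architecture": "amd64"
}'

# digest_from_inspect JSON -> prints the image digest, or fails.
# Assumption: pretty-printed output in which the first "Digest" line is the
# image's own digest (use jq -r .Digest instead where jq is available).
digest_from_inspect() (
  d=$(printf '%s\n' "$1" |
      sed -n 's/.*"Digest"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
  hex=${d#sha256:}
  # Require the sha256: prefix and exactly 64 lowercase hex characters.
  [ "$d" != "$hex" ] && [ "${#hex}" -eq 64 ] || return 1
  case "$hex" in *[!0-9a-f]*) return 1 ;; esac
  printf '%s\n' "$d"
)

# pinned_copy_cmd SRC_REPO DST_REPO DST_TAG INSPECT_JSON
# Prints the copy command with the source addressed by digest, so a tag that
# moves between the inspect and the copy cannot change what is transferred.
pinned_copy_cmd() (
  digest=$(digest_from_inspect "$4") || {
    echo "refusing to copy: no valid sha256 digest in inspect output" >&2
    return 1
  }
  printf 'skopeo copy docker://%s@%s docker://%s:%s\n' "$1" "$digest" "$2" "$3"
)

# Offline demonstration with the constructed sample; in a pipeline the last
# argument would be "$(skopeo inspect docker://SRC_REPO:TAG)".
pinned_copy_cmd quay.io/prometheus/prometheus \
  registry.example.com/prom/prometheus latest "$SAMPLE_INSPECT"
```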
Common pitfalls
- Skopeo does not build images. Use Buildah or Docker for image creation, then Skopeo for transport.
- Authentication credentials must be configured per-registry via skopeo login or ~/.docker/config.json. Missing auth causes cryptic 401 errors.
- The sync command mirrors all tags by default. Use --scoped to preserve repository paths and avoid tag collisions in the destination.
FAQ
Docker requires a running daemon to pull, tag, and push images. Skopeo operates directly against registry APIs without any daemon, making it faster for CI pipelines and safer in rootless environments. Skopeo also supports direct registry-to-registry copies without intermediate local storage.
Yes. Skopeo supports any OCI-compliant or Docker v2 registry. You can copy images from Docker Hub to AWS ECR, GCR, Azure ACR, Quay, Harbor, or any private registry in a single command without pulling to local storage first.
Yes. Skopeo integrates with Sigstore and GPG signing. You can sign images during copy operations using the --sign-by flag, and verify signatures on inspect. This enables supply chain security in air-gapped or regulated environments.
Skopeo reads credentials from ~/.docker/config.json or its own auth file at $XDG_RUNTIME_DIR/containers/auth.json. You can also use skopeo login to authenticate interactively, or pass --creds username:password for scripted use in CI.
The sync subcommand mirrors entire repositories or selected tags from one registry to another, or to a local directory. It is designed for air-gapped deployments where you need an offline copy of upstream images, and it handles incremental syncing to avoid re-downloading unchanged layers.