That's, indeed, a spec limitation, not something cek can solve. If you're interested in provenance tracking, you might want to look at Sigstore's cosign attestations or GUAC (Graph for Understanding Artifact Composition).
right. this is me complaining about the spec, not the tools. I've worked on tooling in this space. I simply don't understand why there seems to be no desire to make a simple addition to the spec.
Skopeo and crane are both fantastic tools, but they address different problems at a different level. Skopeo and crane operate at the image registry level, handling pulling, pushing, synchronizing, etc. cek is focused on what's in the container itself, providing a programmatic way to explore a container’s (overlay) filesystem and layers with commands like ls, tree, and cat.
While they may look similar at first glance, Dive and Cek target different use cases. Dive is great at visualizing layer content and analyzing image efficiency, but requires the Docker daemon and can't extract file contents. Cek is daemonless (works with any container runtime or none at all) and focuses on providing a programmatic interface: `ls`, `tree`, `cat`, etc. for exploring a container's overlay filesystem and layers.
Both Marc Brooker (lead developer on the AWS Lambda team) giving the talks at Re:Invent as I mentioned in the footnotes, and the official documentation that's out there will provide you with a lot of information.
