diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0513151941..8fec0b7b81 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -98,6 +98,8 @@ Note: This is the first release of Semantic Conventions separate from the Specif
   ([#105](https://github.com/open-telemetry/semantic-conventions/pull/105))
 - Mark `process.runtime.jvm.system.cpu.load_1m` and `process.runtime.jvm.system.cpu.utilization` metrics as opt-in.
   ([#57](https://github.com/open-telemetry/semantic-conventions/pull/57))
+- Add container `image.id`, `command`, `command_line` and `command_args` resource attributes.
+  ([#39](https://github.com/open-telemetry/semantic-conventions/pull/39))
 
 ## v1.20.0 (2023-04-07)
 
diff --git a/semantic_conventions/resource/container.yaml b/semantic_conventions/resource/container.yaml
index 6fdb1fd42f..f3f52c7cfa 100644
--- a/semantic_conventions/resource/container.yaml
+++ b/semantic_conventions/resource/container.yaml
@@ -32,3 +32,37 @@ groups:
         brief: >
           Container image tag.
         examples: ['0.1']
+      - id: image.id
+        type: string
+        brief: >
+          Runtime specific image identifier. Usually a hash algorithm followed by a UUID.
+        note: >
+          Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker
+          container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect)
+          endpoint.
+
+          K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io
+          /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
+
+          OCI defines a digest of manifest.
+        examples: ['sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f']
+      - id: command
+        type: string
+        requirement_level: opt_in
+        note: >
+          If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
+        brief: >
+          The command used to run the container (i.e. the command name).
+        examples: [ 'otelcontribcol' ]
+      - id: command_line
+        type: string
+        requirement_level: opt_in
+        brief: >
+          The full command run by the container as a single string representing the full command. [2]
+        examples: [ 'otelcontribcol --config config.yaml' ]
+      - id: command_args
+        type: string[]
+        requirement_level: opt_in
+        brief: >
+          All the command arguments (including the command/executable itself) run by the container. [2]
+        examples: [ 'otelcontribcol, --config, config.yaml' ]
diff --git a/specification/resource/semantic_conventions/container.md b/specification/resource/semantic_conventions/container.md
index da54233049..a4e169eef5 100644
--- a/specification/resource/semantic_conventions/container.md
+++ b/specification/resource/semantic_conventions/container.md
@@ -14,6 +14,16 @@
 | `container.runtime` | string | The container runtime managing this container. | `docker`; `containerd`; `rkt` | Recommended |
 | `container.image.name` | string | Name of the image the container was built on. | `gcr.io/opentelemetry/operator` | Recommended |
 | `container.image.tag` | string | Container image tag. | `0.1` | Recommended |
+| `container.image.id` | string | Runtime specific image identifier. Usually a hash algorithm followed by a UUID. [1] | `sha256:19c92d0a00d1b66d897bceaa7319bee0dd38a10a851c60bcec9474aa3f01e50f` | Recommended |
+| `container.command` | string | The command used to run the container (i.e. the command name). [2] | `otelcontribcol` | Opt-In |
+| `container.command_line` | string | The full command run by the container as a single string representing the full command. [2] | `otelcontribcol --config config.yaml` | Opt-In |
+| `container.command_args` | string[] | All the command arguments (including the command/executable itself) run by the container. [2] | `[otelcontribcol, --config, config.yaml]` | Opt-In |
+
+**[1]:** Docker defines a sha256 of the image id; `container.image.id` corresponds to the `Image` field from the Docker container inspect [API](https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerInspect) endpoint.
+K8s defines a link to the container registry repository with digest `"imageID": "registry.azurecr.io /namespace/service/dockerfile@sha256:bdeabd40c3a8a492eaf9e8e44d0ebbb84bac7ee25ac0cf8a7159d25f62555625"`.
+OCI defines a digest of manifest.
+
+**[2]:** If using embedded credentials or sensitive data, it is recommended to remove them to prevent potential leakage.
 <!-- endsemconv -->
 
 [DocumentStatus]: https://github.com/open-telemetry/opentelemetry-specification/blob/v1.21.0/specification/document-status.md