How to securely set up Drydock with Docker socket access?

Use a socket proxy like tecnativa/docker-socket-proxy to restrict API endpoints, as shown in the quick start guide. This minimizes security risks by limiting Drydock's control over the Docker daemon.

Drydock vs Diun: which is better for container update notifications?

Drydock offers a web UI, automation, and security scanning, while Diun is notification-focused without a dashboard. Drydock is better for teams needing comprehensive monitoring and control, whereas Diun suits simpler alerting needs.

Can Drydock automatically update Docker Compose services?

Yes, it supports Docker Compose updates with YAML-preserving service-scoped image patching, enabling automated recreation of services while maintaining configuration integrity.

How to configure OIDC authentication with Drydock?

Set environment variables for DD_AUTH_OIDC_* parameters to integrate providers like Authelia or Auth0. The documentation provides detailed steps for OIDC setup and validation.

Does Drydock support rollback for failed updates?

Yes, it includes automatic pre-update image backup with configurable retention and one-click rollback capabilities, ensuring recovery from update failures as highlighted in the features.

Is Drydock free to use in production?

Yes, it's open-source under AGPL-3.0, but users should ensure proper security setup and monitor for upcoming breaking changes, such as API deprecations in v1.6.0.

Drydock

AGPL-3.0TypeScriptv1.4.5

An open-source container update monitoring tool with a modern dashboard, supporting 23 registries, 20 notification triggers, and automated updates.

Visit Website

What is Drydock?

Drydock is an open-source container update monitoring tool that automatically tracks image updates across 23 container registries and notifies users via 20 different triggers. It solves the problem of keeping containerized applications up-to-date by providing automated update capabilities, security scanning, and a modern dashboard for management. The tool helps DevOps teams maintain security and stability by ensuring containers run the latest patched versions.

Target Audience

DevOps engineers, SREs, and platform teams managing Docker or containerized environments who need automated update monitoring and security scanning. It's particularly valuable for self-hosted infrastructure and teams requiring granular control over container updates.

Value Proposition

Developers choose Drydock for its comprehensive feature set, modern dashboard, and strong security integrations like Trivy scanning. It stands out with support for 23 registries, 20 notification methods, and advanced capabilities like audit logging, OIDC auth, and automated rollbacks—all in a single open-source package.

Overview

Open source container update monitoring — 23 registries, 20 notification triggers, audit log, OIDC auth, Prometheus metrics, and a modern dashboard.

Use Cases

Best For

Related Projects

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

GitHub

198 stars10 forks0 contributors

Monitoring container image updates across multiple registries in self-hosted environments
Automating Docker and Docker Compose updates with security scanning and rollback capabilities
Sending customizable notifications via Slack, Discord, email, or webhooks when updates are available
Maintaining an audit trail of container changes and update events for compliance
Integrating container update monitoring with Prometheus for observability stacks
Managing container updates across distributed Docker hosts using agent architecture

Not Ideal For

Environments exclusively using Kubernetes without Docker containers
Teams needing only basic CLI notifications without a web dashboard or automation
Projects with stringent security policies that prohibit Docker socket access to monitoring tools
Simple, single-container setups where manual updates are sufficient and preferred

Pros & Cons

Pros

Multi-Registry Coverage

Supports 23 container registries including Docker Hub, GHCR, ECR, and private options, providing broad compatibility for diverse environments.

Flexible Notification System

Offers 20 triggers like Slack, Discord, SMTP, and webhooks, allowing customized alerting strategies as detailed in the integrations list.

Integrated Security Scanning

Includes Trivy for vulnerability detection and cosign for signature verification, blocking unsafe updates automatically to enhance security.

Advanced Automation Features

Provides auto-pull, recreate for Docker Compose, pre-update backups, and one-click rollbacks, improving operational safety and efficiency.

Cons

Setup Complexity for Security

Recommended deployment requires a socket proxy (e.g., tecnativa/docker-socket-proxy) to secure Docker API access, adding configuration overhead and potential points of failure.

Limited Orchestrator Scope

Currently focused on Docker and Docker Compose; native Kubernetes support is only planned for v2.0.0, limiting use in modern, mixed-orchestrator environments.

API Version Transition

Unversioned API endpoints are deprecated and will be removed in v1.6.0, necessitating migration for existing integrations and risking breaking changes.

Open Source Alternative To

Drydock is an open-source alternative to the following products:

O

Ouroboros

Watchtower

Watchtower is a container utility that automatically updates running Docker containers to their latest versions by monitoring for new images.

W

What's Up Docker (WUD)

What's Up Docker (WUD) is a monitoring tool that tracks Docker container updates and notifies users when new versions of images are available.

D

Diun

Diun is a Docker image update notifier that monitors Docker registries for new versions of images and sends notifications. It supports various notification services like email, Slack, and webhooks.

Frequently Asked Questions

Home

Docker

cAdvisor

Analyzes resource usage and performance characteristics of running containers.

Stars19,145

Forks2,467

Last commit9 days ago

Checkmate

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Don't be shy, join here: https://discord.com/invite/NAb6H3UTjK :)

An AI-powered next-generation open source real-time observability system.

Docker hosts and containers monitoring with Prometheus, Grafana, cAdvisor, NodeExporter and AlertManager

Stars6,511

Forks1,756

Last commit2 months ago

#devops

#homelab

#container-monitoring