{"id":47695323,"url":"https://github.com/bogdanpricop/docker-dash","last_synced_at":"2026-04-05T23:01:04.121Z","repository":{"id":347314653,"uuid":"1193358915","full_name":"bogdanpricop/docker-dash","owner":"bogdanpricop","description":"Lightweight Docker management dashboard — 55+ features, vulnerability scanning, Git integration, agentless multi-host, workflow automation. Self-hosted Portainer alternative. MIT license, 384 tests, zero build step.","archived":false,"fork":false,"pushed_at":"2026-03-31T10:26:36.000Z","size":7241,"stargazers_count":2,"open_issues_count":5,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-04-03T02:59:21.106Z","etag":null,"topics":["container-management","dashboard","devops","docker","docker-management","gitops","nodejs","portainer-alternative","self-hosted","sqlite","vanilla-js","vulnerability-scanning"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bogdanpricop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-27T06:15:44.000Z","updated_at":"2026-04-02T22:07:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/bogdanpricop/docker-dash","commit_stats":null,"previous_names":["bogdanpricop/docker-dash"],"tags_count":12,"template":false,"template_full_name":null,"purl":"pkg:github/bogdanpricop/docker-dash","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanpricop%2Fdocker-dash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanpricop%2Fdocker-dash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanpricop%2Fdocker-dash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanpricop%2Fdocker-dash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bogdanpricop","download_url":"https://codeload.github.com/bogdanpricop/docker-dash/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bogdanpricop%2Fdocker-dash/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31452901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T21:22:52.476Z","status":"ssl_error","status_checked_at":"2026-04-05T21:22:51.943Z","response_time":75,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-management","dashboard","devops","docker","docker-management","gitops","nodejs","portainer-alternative","self-hosted","sqlite","vanilla-js","vulnerability-scanning"],"created_at":"2026-04-02T16:23:01.930Z","updated_at":"2026-04-05T23:01:04.092Z","avatar_url":"https://github.com/bogdanpricop.png","language":"JavaScript","readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003e🐳 Docker Dash\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\n    A lightweight, full-featured Docker management dashboard.\u003cbr\u003e\n    Self-hosted alternative to Portainer — built with Node.js, vanilla JavaScript, and SQLite.\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/bogdanpricop/docker-dash/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/bogdanpricop/docker-dash/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/bogdanpricop/docker-dash/releases/latest\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/bogdanpricop/docker-dash?color=blue\" alt=\"Release\"\u003e\u003c/a\u003e\n    \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/github/license/bogdanpricop/docker-dash\" alt=\"License\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/bogdanpricop/docker-dash/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://img.shields.io/badge/tests-384%20passing%20(100%25)-brightgreen\" alt=\"Tests\"\u003e\u003c/a\u003e\n    \u003ca href=\"SECURITY.md#security-audit-history\"\u003e\u003cimg src=\"https://img.shields.io/badge/production%20readiness-9.2%2F10-brightgreen\" alt=\"Production Readiness\"\u003e\u003c/a\u003e\n    \u003ca href=\"SECURITY.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/security-audited-brightgreen\" alt=\"Security Audited\"\u003e\u003c/a\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Docker-~80MB-blue\" alt=\"Image Size\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/RAM-~50MB-blue\" alt=\"RAM Usage\"\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"#quick-start\"\u003eQuick Start\u003c/a\u003e \u0026bull;\n    \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e \u0026bull;\n    \u003ca href=\"#screenshots\"\u003eScreenshots\u003c/a\u003e \u0026bull;\n    \u003ca href=\"#comparison\"\u003eComparison\u003c/a\u003e \u0026bull;\n    \u003ca href=\"#multi-host\"\u003eMulti-Host\u003c/a\u003e \u0026bull;\n    \u003ca href=\"#contributing\"\u003eContributing\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n**Zero dependencies to deploy** — just Docker. No external database, no Redis, no build step.\n\n## Screenshots\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eDashboard (Dark)\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/dashboard.png\" alt=\"Dashboard\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eDashboard (Light)\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/dashboard-light.png\" alt=\"Dashboard Light\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eContainers\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/containers.png\" alt=\"Containers\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eContainers (Light)\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/containers-light.png\" alt=\"Containers Light\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eContainer Detail\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/container-detail.png\" alt=\"Container Detail\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eTerminal (xterm.js)\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/terminal.png\" alt=\"Terminal\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eSecurity Scanning\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/security.png\" alt=\"Security\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eImage Management\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/images.png\" alt=\"Images\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eNetwork Topology\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/topology.png\" alt=\"Network Topology\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eDependency Map\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/dependency-map.png\" alt=\"Dependency Map\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eCost Optimizer\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/cost-optimizer.png\" alt=\"Cost Optimizer\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eInsights\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/insights.png\" alt=\"Insights\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eStacks\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/stacks.png\" alt=\"Stacks\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eMulti-Host\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/hosts.png\" alt=\"Hosts\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eAPI Playground\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/api-playground.png\" alt=\"API Playground\" width=\"400\"\u003e\u003c/td\u003e\n    \u003ctd align=\"center\"\u003e\u003cstrong\u003eNotifications\u003c/strong\u003e\u003cbr\u003e\u003cimg src=\"docs/screenshots/notifications.png\" alt=\"Notifications\" width=\"400\"\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## Features\n\n### Core\n- **Container Management** — Start, stop, restart, pause, kill, remove, clone, rename, update/recreate\n- **Image Management** — Pull with streaming progress, remove, tag, import/export, build from Dockerfile\n- **Volume Management** — Create, remove, inspect with real disk usage sizes\n- **Network Management** — Create, remove, connect/disconnect containers, inspect IPAM config\n- **Bulk Actions** — Checkbox selection + floating bar for batch start/stop/restart/remove\n- **Container File Browser** — Navigate, view, and download files inside running containers\n- **Container Diff** — See filesystem changes vs base image with color-coded entries\n\n### Monitoring \u0026 Intelligence\n- **Real-time Dashboard** — Customizable live CPU/memory charts (WebSocket, 10s interval, toggle widgets)\n- **Container Health Score** — Composite 0-100 score with color dots in list view + summary bar\n- **Resource Trends \u0026 Forecasting** — 7-day linear regression with 24h CPU/memory projection\n- **Memory Exhaustion Prediction** — \"will exceed limit in N hours\" warning\n- **Plain-English Status** — Exit codes mapped to messages (137=OOM, 143=SIGTERM, etc.)\n- **Network Topology** — Interactive canvas map with drag, zoom, pan, hover highlighting\n- **Dependency Map** — Interactive graph showing container relationships (env vars, networks, links)\n- **Uptime Reports** — Per-container uptime %, restart count, first/last seen\n- **Cost Optimizer** — Per-container cost breakdown, idle detection, savings recommendations\n- **Image Freshness Dashboard** — Freshness score based on age + vulnerability count\n- **Audit Log Analytics** — Top users, top actions, activity heatmap by hour/day\n- **Notifications Center** — Dedicated page with filters, pagination, bulk mark-read/delete\n\n### Security\n- **Vulnerability Scanning** — Trivy + Grype + Docker Scout with automatic detection and fallback\n- **Safe-Pull Updates** — Pull new image → scan for vulns → only swap if clean (blocks critical CVEs)\n- **Deployment Pipelines** — Staged pull → scan → swap → verify → notify with full history\n- **Security Dashboard** — Scan history, per-image status, AI-assisted remediation prompts\n- **AI Container Doctor** — Diagnostics + 30 log pattern matchers + AI prompt generator\n- **Guided Troubleshooting** — 8-step diagnostic wizard (state, health, logs, ports, volumes, resources)\n- **Container Rollback** — One-click revert to previous image with version history\n- **First-login Setup Wizard** — Forces password change, recommends disabling default admin\n\n### Git Integration (GitOps)\n- **Deploy from Git** — Clone repos, select branch, compose file path, deploy with one click\n- **Auto-Deploy** — Webhook receiver (GitHub, GitLab, Gitea, Bitbucket) + polling-based updates\n- **Deployment History** — Full audit trail with commit hash, trigger type, duration, rollback\n- **Diff View** — See exactly what changed before redeploying\n- **Push to Git** — Edit compose in UI, commit and push back to repository\n- **Git Credentials** — Token, basic auth, SSH key (AES-256-GCM encrypted)\n- **Multi-file Compose** — Multiple YAML override files per stack\n- **Environment Overrides** — Per-stack env vars with sensitive value encryption\n\n### Multi-Host\n- **TCP + TLS** — Connect remote Docker hosts over the network with mutual TLS\n- **SSH Tunnel** — Secure tunnel via SSH (no need to expose Docker API)\n- **Docker Desktop** — Connect to Windows/Mac Docker Desktop instances\n- **Podman Compatible** — Works with Podman via Docker-compatible API socket\n- **Host Selector** — Switch between hosts from the sidebar dropdown\n\n### Operations\n- **Stacks Page** — Unified Compose + Git stacks management with actions (up/down/restart/pull)\n- **Docker Compose Editor** — Edit, validate, save \u0026 deploy compose configs inline\n- **Terminal** — Full xterm.js terminal with shell selection (`sh`, `bash`, `zsh`, `ash`)\n- **Alerts** — CPU/memory threshold rules with 7 notification channels\n- **Notifications** — Discord, Slack, Telegram, Ntfy, Gotify, Email (SMTP), Custom Webhook\n- **Workflow Automation** — IF-THEN rules (CPU high → restart, container crash → notify, etc.)\n- **Scheduled Actions** — Cron-based container actions with presets, history, run-now, enable/disable\n- **Maintenance Windows** — Scheduled pull/scan/update with block-on-critical\n- **Firewall** — View and manage UFW rules (Linux)\n- **Container Groups** — User-defined grouping with colors, beyond Docker Compose projects\n\n### Developer Tools\n- **API Playground** — Browse and test all 230+ API endpoints from the UI with response viewer\n- **docker run → Compose** — Paste any docker run command, get docker-compose YAML\n- **AI Log Analysis** — Generate diagnostic prompts for ChatGPT/Claude from container logs\n- **Traefik/Caddy Labels** — Generate reverse proxy labels from domain + port\n- **App Templates** — 30 built-in + custom templates with CRUD, preview, and modification tracking\n- **Deploy Preview** — Check for image updates via digest comparison before pulling\n- **Resource Limits Editor** — Visual sliders with presets for CPU and memory\n- **Resource Recommendations** — Smart advice: over-provisioned, memory pressure, idle containers\n\n### Platform\n- **Multi-user** — Admin, operator, viewer roles with session management\n- **SSO Authentication** — Authelia, Authentik, Caddy forward_auth, Traefik (header-based)\n- **Audit Log** — Every action logged with user, timestamp, IP address\n- **Public Status Page** — Unauthenticated status page for selected services\n- **Container Metadata** — Custom labels, descriptions, links, categories, owner, notes\n- **Dark/Light Theme** — Per-user sync across devices, system-aware toggle, mobile responsive\n- **i18n** — 11 languages: English, Romanian, German, Italian, French, Spanish, Portuguese, Chinese, Japanese, Korean, Klingon ([add yours](public/js/i18n/README.md))\n- **Klingon Easter Egg** — Full activation animation with sound, dagger cursor, red theme\n- **Command Palette** — Ctrl+K quick navigation with keyboard shortcuts\n- **Watchtower Detection** — Auto-detect and migrate from Watchtower to native safe-pull\n- **Prometheus Metrics** — `/api/metrics` endpoint for Grafana integration\n- **Self-Reporting Footprint** — Docker Dash memory, uptime, DB size at `/api/footprint`\n- **384 Tests** — 29 test suites covering auth, RBAC, security, CRUD, services (100% passing)\n\n## Quick Start\n\n```bash\n# Clone the repository\ngit clone https://github.com/bogdanpricop/docker-dash.git\ncd docker-dash\n\n# Copy and configure environment\ncp .env.example .env\n# Edit .env — at minimum change APP_SECRET and ADMIN_PASSWORD\n\n# Start with Docker Compose\ndocker compose up -d\n\n# Open in browser\nopen http://localhost:8101\n```\n\nDefault credentials: `admin` / `admin` — on first login, a **security setup wizard** will require you to change the password.\n\n## Requirements\n\n- Docker Engine 20.10+ (or Docker Desktop 4.x+)\n- Docker Compose v2\n- ~50MB RAM, minimal CPU\n\n## Architecture\n\n```\n┌─────────────────┐     ┌───────────────────┐\n│   Browser SPA   │────▸│  Node.js/Express  │\n│  (vanilla JS)   │◂────│   REST + WebSocket│\n└─────────────────┘     └────────┬──────────┘\n                                 │\n                    ┌────────────┼────────────┐\n                    │            │            │\n              ┌─────┴──────┐ ┌───┴────┐ ┌─────┴─────┐\n              │  SQLite    │ │ Docker │ │  Docker   │\n              │ (embedded) │ │ Local  │ │  Remote   │\n              │ WAL mode   │ │ Socket │ │ TCP/SSH   │\n              └────────────┘ └────────┘ └───────────┘\n```\n\n| Layer | Technology |\n|-------|-----------|\n| Backend | Node.js 20, Express 4, dockerode, better-sqlite3, ws, ssh2 |\n| Frontend | Vanilla JavaScript SPA, Chart.js, xterm.js, Font Awesome (CDN) |\n| Database | SQLite with WAL mode, auto-aggregation, configurable retention |\n| Security | bcrypt, Helmet CSP, rate limiting, session-based auth, Bearer token fallback |\n| Scanning | Trivy (OSS), Grype (Anchore), Docker Scout (SARIF format) |\n\n**Zero build step** — no webpack, no bundler, no transpiler. Frontend files are served as-is.\n\n## Multi-Host\n\nDocker Dash can manage multiple Docker hosts from a single instance:\n\n| Method | Use Case | Requirements |\n|--------|----------|-------------|\n| **TCP + TLS** | Remote Linux servers | Docker API exposed on port 2376 + TLS certificates |\n| **Docker Desktop** | Windows / Mac | \"Expose daemon on TCP\" enabled in DD Settings |\n| **SSH Tunnel** | Secure remote (no API exposure) | SSH access + `socat` installed + user in `docker` group |\n| **Unix Socket** | Local (default) | Docker socket mounted (automatic) |\n\nThe app includes a **built-in setup guide** (Hosts page) with step-by-step instructions for each method, including TLS certificate generation and per-OS `socat` installation commands.\n\n## Podman Support\n\nDocker Dash works with **Podman** via its Docker-compatible API. No code changes needed.\n\n```bash\n# 1. Enable the Podman socket\nsystemctl --user enable --now podman.socket    # rootless\n# or\nsudo systemctl enable --now podman.socket      # rootful\n\n# 2. Set the socket path in .env\necho 'DOCKER_SOCKET=/run/podman/podman.sock' \u003e\u003e .env   # rootful\n# or\necho 'DOCKER_SOCKET=/run/user/1000/podman/podman.sock' \u003e\u003e .env  # rootless\n\n# 3. Start Docker Dash\ndocker compose up -d   # or podman-compose up -d\n```\n\n**Known differences:** Podman lacks Docker Compose labels (`com.docker.compose.project`), so containers won't auto-group into stacks. Use Docker Dash's Container Groups feature instead.\n\n## Configuration\n\nAll config via environment variables. See [`.env.example`](.env.example) for the full list.\n\n| Variable | Default | Description |\n|----------|---------|-------------|\n| `APP_PORT` | `8101` | HTTP port |\n| `APP_SECRET` | — | **Required.** Session signing key |\n| `ADMIN_PASSWORD` | `admin` | Initial admin password (first launch only) |\n| `ENCRYPTION_KEY` | — | Encrypt registry credentials at rest |\n| `STATS_INTERVAL_MS` | `10000` | Stats collection interval (ms) |\n| `STATS_RAW_RETENTION_HOURS` | `24` | Keep raw stats for N hours |\n| `EVENT_RETENTION_DAYS` | `7` | Keep Docker events for N days |\n| `ENABLE_EXEC` | `true` | Allow terminal exec into containers |\n| `READ_ONLY_MODE` | `false` | Disable all write operations |\n\n## Development\n\n```bash\n# Install dependencies\nnpm install\n\n# Start in development mode (auto-reload on file changes)\nnpm run dev\n\n# Open http://localhost:8101\n```\n\nNo build step needed. Edit any `.js` or `.css` file and refresh the browser.\n\n## Adding a Language\n\nDocker Dash uses a modular i18n system. To add a new language:\n\n1. Copy `public/js/i18n/TEMPLATE.js` to `public/js/i18n/{code}.js`\n2. Translate the values (keys stay in English)\n3. Add one `\u003cscript\u003e` tag in `index.html`\n\nThat's it — the language appears automatically in the selector. See [`public/js/i18n/README.md`](public/js/i18n/README.md) for full instructions.\n\nCurrently supported: **English**, **Romanian**, **German**, **Italian**, **French**, **Spanish**, **Portuguese**, **Chinese**, **Japanese**, **Korean**, **Klingon** (11 languages).\n\n## Project Structure\n\n```\ndocker-dash/\n├── src/\n│   ├── config/          # Environment-based configuration\n│   ├── db/              # SQLite setup + 32 auto-migrations\n│   ├── middleware/       # Auth, rate limiting, hostId extraction\n│   ├── routes/          # REST API (containers, images, volumes, networks, hosts, ...)\n│   ├── services/        # Business logic (docker, stats, alerts, ssh-tunnel, registry)\n│   ├── ws/              # WebSocket server (exec, live logs, live stats)\n│   └── utils/           # Logger, helpers\n├── public/\n│   ├── js/\n│   │   ├── i18n/        # Language files (11 languages + TEMPLATE.js)\n│   │   ├── pages/       # SPA pages (dashboard, containers, images, security, hosts, ...)\n│   │   ├── components/  # Reusable UI (modal, toast, data table)\n│   │   ├── api.js       # HTTP client with auto host-context\n│   │   ├── ws.js        # WebSocket client with reconnect\n│   │   └── app.js       # Router, auth, sidebar, command palette\n│   └── css/app.css      # Single stylesheet, CSS variables, dark/light themes\n├── docs/\n│   └── screenshots/     # UI screenshots for README\n├── Dockerfile           # Multi-stage: base → deps → production\n├── docker-compose.yml   # Production-ready with health check\n└── .env.example         # All variables documented\n```\n\n## Comparison\n\n**75+ features compared, 40+ exclusive to Docker Dash.** See the interactive comparison at `#/compare` in the app, or via `GET /api/compare`.\n\n| Feature | Docker Dash | Portainer CE | Dockge | Dockhand |\n|---------|:-----------:|:------------:|:------:|:--------:|\n| Container CRUD | Yes | Yes | Compose only | Yes |\n| Image Management | Yes | Yes | No | Yes |\n| Volume / Network Management | Yes | Yes | No | Yes |\n| **Network Topology** | **Yes** | No | No | No |\n| **Dependency Map** | **Yes** | No | No | No |\n| Real-time Stats (WebSocket) | Yes | Yes | Basic | Yes |\n| Terminal (xterm.js) | Yes | Yes | Yes | Yes |\n| **Container File Browser** | **Yes** | Yes ($) | No | No |\n| **Container Diff** | **Yes** | No | No | No |\n| Vulnerability Scanning | Trivy + Grype + Scout | No | No | Grype + Trivy |\n| **Safe-Pull + Pipeline** | **5-stage** | No | No | Basic |\n| **Container Rollback** | **Yes** | No | No | No |\n| Multi-Host (agentless) | Yes | Agent required | Agent | Yes |\n| **Git Integration** | **Yes** | BE only ($) | No | No |\n| **Webhooks + Polling** | **Yes** | BE only ($) | No | No |\n| **Audit Log** | **Yes** | BE only ($) | No | No |\n| **Alerts (7 channels)** | **Yes** | BE only ($) | No | No |\n| **SSO (Authelia/Authentik)** | **Yes** | BE only ($) | No | No |\n| **Health Score (0-100)** | **Yes** | No | No | No |\n| **AI Container Doctor** | **Yes** | No | No | No |\n| **Resource Forecasting** | **Yes** | No | No | No |\n| **Cost Optimizer** | **Yes** | No | No | No |\n| **Insights Dashboard** | **Yes** | No | No | No |\n| **Workflow Automation** | **Yes** | No | No | No |\n| **Scheduled Actions (cron)** | **Yes** | No | No | No |\n| **Bulk Actions** | **Yes** | Yes | No | No |\n| **Cross-Host Migration** | **Zero-downtime** | No | No | No |\n| **Stack Export/Import** | **Yes** | No | No | No |\n| **Compose Editor** | **Yes** | Yes ($) | Yes | No |\n| **Troubleshooting Wizard** | **Yes** | No | No | No |\n| **Public Status Page** | **Yes** | No | No | No |\n| **Daily Auto-Backup** | **Yes** | No | No | No |\n| **Notifications Center** | **Yes** | Basic | No | No |\n| **API Playground** | **Yes** | Swagger ($) | No | No |\n| **Container Groups** | **Yes** | No | No | No |\n| **Dashboard Widgets** | **Configurable** | Fixed | No | No |\n| App Templates | 30 + custom | 500+ community | No | No |\n| i18n | 11 languages | Partial | No | No |\n| Command Palette + Shortcuts | Yes | No | No | No |\n| Mobile Responsive | Yes | Yes | Yes | Yes |\n| Test Suite | **384 tests (100%)** | Yes | No | No |\n| Build Step | **None** | Angular | Required | Required |\n| Container Size | **~80MB** | ~250MB | ~100MB | ~80MB |\n| RAM Usage | **~50MB** | ~200MB | ~50MB | ~60MB |\n| License | **MIT** | Zlib | MIT | BSL 1.1 |\n\n\u003e **40+ features** are exclusive to Docker Dash — no competitor has them.\n\u003e **6 features** that Portainer locks behind paid Business Edition are **free** in Docker Dash.\n\n## License\n\n[MIT](LICENSE) — free for personal and commercial use.\n\n## Security\n\nDocker Dash takes security seriously. See [SECURITY.md](SECURITY.md) for our full security policy.\n\n### Docker Socket Access\n\nDocker Dash requires access to the Docker socket (`/var/run/docker.sock`). This is **equivalent to root access** on the host. This is the same requirement as Portainer, Dockge, and all other Docker management UIs.\n\n**Mitigations in place:**\n- Socket mounted **read-only** (`:ro`) in production docker-compose\n- `no-new-privileges` security option enabled\n- Role-based access control (admin/operator/viewer)\n- Feature flags to disable dangerous operations (`ENABLE_EXEC=false`, `READ_ONLY_MODE=true`)\n- Audit log for every action with user, timestamp, and IP\n- Rate limiting on all API endpoints\n- Session-based auth with bcrypt + SHA-256 hashed tokens\n\n**Recommendations for production:**\n- Deploy behind HTTPS reverse proxy (Caddy config included)\n- Set strong `APP_SECRET` and `ENCRYPTION_KEY` (app refuses to start without them)\n- Set `COOKIE_SECURE=true` when behind HTTPS\n- Disable exec terminal if not needed (`ENABLE_EXEC=false`)\n- Use read-only mode for monitoring-only deployments (`READ_ONLY_MODE=true`)\n- Restrict network access to trusted IPs\n- Consider [docker-socket-proxy](https://github.com/Tecnativa/docker-socket-proxy) to limit API access (allow only read operations)\n- Review [SECURITY.md](SECURITY.md) for responsible disclosure process\n\n### Security Audit Results\n\n| Audit | Date | Score | Critical Issues |\n|-------|------|-------|----------------|\n| Tech Debt Scan | 2026-03-27 | 33 items found | All 4 CRITICAL fixed |\n| Production Readiness | 2026-03-28 | 9.2/10 | All P0+P1 resolved |\n| Shell Injection | 2026-03-28 | 0 vectors | All execSync eliminated |\n\n### Known Security Tradeoffs\n\nThese are conscious design decisions documented in [SECURITY.md](SECURITY.md):\n\n1. **CSP allows `unsafe-eval`** (but NOT `unsafe-inline`) — `unsafe-eval` required by Chart.js. All 67 inline handlers were converted to addEventListener in v5.0. XSS mitigated by output escaping on all user content (400+ `escapeHtml()` calls).\n2. **WebSocket accepts token via query string** — fallback for browsers that block cookies (Edge Tracking Prevention). Cookie-based auth is always preferred. Usage is logged.\n3. **Mixed auth model (cookie + Bearer + API key)** — cookies for browser UI, Bearer for API/CLI, API keys for integrations. All validate against the same session store.\n\n### Test Coverage\n\n- **384 tests** across **29 test files** (100% passing)\n- Unit tests: crypto, helpers, validation, git patterns\n- Integration tests: auth flow, API endpoints, RBAC, security\n- CI runs on every push via GitHub Actions\n\n## Contributing\n\nContributions are welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for:\n- Development setup\n- Architecture principles (no build step, no framework)\n- How to add pages, API endpoints, database migrations\n- How to add a language translation\n- Pull request checklist\n\n## Acknowledgments\n\nBuilt with:\n- [dockerode](https://github.com/apocas/dockerode) — Docker API client\n- [better-sqlite3](https://github.com/WiseLibs/better-sqlite3) — SQLite driver\n- [xterm.js](https://xtermjs.org/) — Terminal emulator\n- [Chart.js](https://www.chartjs.org/) — Charts\n- [Trivy](https://trivy.dev/) — Vulnerability scanner\n- [Grype](https://github.com/anchore/grype) — Vulnerability scanner by Anchore\n- [ssh2](https://github.com/mscdex/ssh2) — SSH client\n- [Font Awesome](https://fontawesome.com/) — Icons\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbogdanpricop%2Fdocker-dash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbogdanpricop%2Fdocker-dash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbogdanpricop%2Fdocker-dash/lists"}