{"id":44310247,"url":"https://github.com/codeswhat/drydock","last_synced_at":"2026-04-04T23:01:45.703Z","repository":{"id":337312117,"uuid":"1153040945","full_name":"CodesWhat/drydock","owner":"CodesWhat","description":"Open source container update monitoring — 23 registries, 20 notification triggers, audit log, OIDC auth, Prometheus metrics, and a modern dashboard.","archived":false,"fork":false,"pushed_at":"2026-04-02T23:03:02.000Z","size":26197,"stargazers_count":171,"open_issues_count":18,"forks_count":10,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-03T04:55:43.898Z","etag":null,"topics":["containers","devops","docker","docker-compose","homelab","monitoring","notifications","prometheus","self-hosted","typescript","vuejs","watchtower-alternative"],"latest_commit_sha":null,"homepage":"https://getdrydock.com","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CodesWhat.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"CodesWhat","ko_fi":"codeswhat","buy_me_a_coffee":"codeswhat"}},"created_at":"2026-02-08T20:09:53.000Z","updated_at":"2026-04-03T01:53:34.000Z","dependencies_parsed_at":"2026-03-06T07:06:32.892Z","dependency_job_id":null,"html_url":"https://github.com/CodesWhat/drydock","commit_stats":null,"previous_names":["codeswhat/whatsupdocker-ce","codeswhat/drydock"],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/CodesWhat/drydock","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodesWhat%2Fdrydock","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodesWhat%2Fdrydock/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodesWhat%2Fdrydock/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodesWhat%2Fdrydock/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CodesWhat","download_url":"https://codeload.github.com/CodesWhat/drydock/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CodesWhat%2Fdrydock/sbom","scorecard":{"id":1243163,"data":{"date":"2026-02-10T05:42:17Z","repo":{"name":"github.com/CodesWhat/drydock","commit":"34447e0f1a1d215e19a5ea33725989e3c3627452"},"scorecard":{"version":"v5.3.0","commit":"c22063e786c11f9dd714d777a687ff7c4599b600"},"score":6,"checks":[{"name":"Maintained","score":0,"reason":"project was created within the last 90 days. Please review its contents carefully","details":["Warn: Repository was created within the last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/8 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dependency-update-tool"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#dangerous-workflow"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#security-policy"}},{"name":"Token-Permissions","score":8,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:54","Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:94","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:18","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:17","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:15","Info: jobLevel 'contents' permission set to 'read': .github/workflows/release.yml:24","Info: jobLevel 'contents' permission set to 'read': .github/workflows/scorecard.yml:15","Warn: no topLevel permission defined: .github/workflows/ci.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/scorecard.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":4,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'","Warn: 'stale review dismissal' is disabled on branch 'main'","Warn: required approving review count is 1 on branch 'main'","Warn: codeowners review is not required on branch 'main'","Warn: 'last push approval' is disabled on branch 'main'","Warn: 'up-to-date branches' is disabled on branch 'main'","Info: status check found to merge onto on branch 'main'","Info: PRs are required in order to make changes on branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#branch-protection"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":7,"reason":"dependency not pinned by hash detected -- score normalized to 7","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/CodesWhat/drydock/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/CodesWhat/drydock/codeql.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/CodesWhat/drydock/codeql.yml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating node:24-alpine to node:24-alpine@sha256:cd6fb7efa6490f039f3471a189214d5f548c11df1ff9e5b181aa49e22c14383e","Warn: containerImage not pinned by hash: Dockerfile:26","Warn: containerImage not pinned by hash: Dockerfile:42","Warn: containerImage not pinned by hash: Dockerfile:56","Info:  10 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   8 out of   8 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   8 out of   8 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (10) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#sast"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:19"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#packaging"}},{"name":"Contributors","score":0,"reason":"project has 0 contributing companies or organizations -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#contributors"}},{"name":"CI-Tests","score":10,"reason":"5 out of 5 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#ci-tests"}},{"name":"Vulnerabilities","score":0,"reason":"16 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf","Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674","Warn: Project is vulnerable to: GHSA-p3vf-v8qc-cwcr","Warn: Project is vulnerable to: GHSA-vhxf-7vqr-mrjg","Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97","Warn: Project is vulnerable to: GHSA-rc47-6667-2j5j","Warn: Project is vulnerable to: GHSA-4r62-v4vq-hr96","Warn: Project is vulnerable to: GHSA-5v2h-r2cx-5xgj","Warn: Project is vulnerable to: GHSA-rrrm-qjm4-v8hf","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg","Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q","Warn: Project is vulnerable to: GHSA-73rr-hh4g-fpgx"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2026-02-10T10:56:22.732Z","repository_id":337312117,"created_at":"2026-02-10T10:56:22.732Z","updated_at":"2026-02-10T10:56:22.732Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31418287,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T20:09:54.854Z","status":"ssl_error","status_checked_at":"2026-04-04T20:09:44.350Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["containers","devops","docker","docker-compose","homelab","monitoring","notifications","prometheus","self-hosted","typescript","vuejs","watchtower-alternative"],"created_at":"2026-02-11T04:03:58.325Z","updated_at":"2026-04-04T23:01:45.690Z","avatar_url":"https://github.com/CodesWhat.png","language":"TypeScript","readme":"\u003e [!IMPORTANT]\n\u003e **Trivy Supply Chain Compromise (GHSA-69fq-xp46-6x23):** Drydock is **not affected**. We do not use the compromised GitHub Actions, the bundled Trivy binary is pinned to a safe version (v0.69.3), and all CI actions are SHA-pinned. No compromised code was ever pulled or shipped. [Full advisory \u0026rarr;](https://getdrydock.com/security/trivy-supply-chain-march-2026)\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"docs/assets/whale-logo-dark.png\" /\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"docs/assets/whale-logo.png\" /\u003e\n  \u003cimg src=\"docs/assets/whale-logo.png\" alt=\"drydock\" width=\"220\"\u003e\n\u003c/picture\u003e\n\n\u003ch1\u003edrydock\u003c/h1\u003e\n\n**Open source container update monitoring — built in TypeScript with modern tooling.**\n\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/releases\"\u003e\u003cimg src=\"https://img.shields.io/badge/version-1.5.0-blue\" alt=\"Version\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/pkgs/container/drydock\"\u003e\u003cimg src=\"https://img.shields.io/badge/GHCR-50K%2B_pulls-2ea44f?logo=github\u0026logoColor=white\" alt=\"GHCR pulls\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://hub.docker.com/r/codeswhat/drydock\"\u003e\u003cimg src=\"https://img.shields.io/docker/pulls/codeswhat/drydock?logo=docker\u0026logoColor=white\u0026label=Docker+Hub\" alt=\"Docker Hub pulls\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://quay.io/repository/codeswhat/drydock\"\u003e\u003cimg src=\"https://img.shields.io/badge/Quay.io-image-ee0000?logo=redhat\u0026logoColor=white\" alt=\"Quay.io\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/orgs/CodesWhat/packages/container/package/drydock\"\u003e\u003cimg src=\"https://img.shields.io/badge/platforms-amd64%20%7C%20arm64-informational?logo=linux\u0026logoColor=white\" alt=\"Multi-arch\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/orgs/CodesWhat/packages/container/package/drydock\"\u003e\u003cimg src=\"https://img.shields.io/docker/image-size/codeswhat/drydock/latest?logo=docker\u0026logoColor=white\u0026label=image%20size\" alt=\"Image size\"\u003e\u003c/a\u003e\n  \u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-AGPL--3.0-C9A227\" alt=\"License AGPL-3.0\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/stargazers\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/CodesWhat/drydock?style=flat\" alt=\"Stars\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/forks\"\u003e\u003cimg src=\"https://img.shields.io/github/forks/CodesWhat/drydock?style=flat\" alt=\"Forks\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/issues\"\u003e\u003cimg src=\"https://img.shields.io/github/issues/CodesWhat/drydock?style=flat\" alt=\"Issues\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/commits/main\"\u003e\u003cimg src=\"https://img.shields.io/github/last-commit/CodesWhat/drydock?style=flat\" alt=\"Last commit\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/commits/main\"\u003e\u003cimg src=\"https://img.shields.io/github/commit-activity/m/CodesWhat/drydock?style=flat\" alt=\"Commit activity\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/discussions\"\u003e\u003cimg src=\"https://img.shields.io/github/discussions/CodesWhat/drydock?style=flat\" alt=\"Discussions\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock\"\u003e\u003cimg src=\"https://img.shields.io/github/repo-size/CodesWhat/drydock?style=flat\" alt=\"Repo size\"\u003e\u003c/a\u003e\n  \u003cimg src=\"https://komarev.com/ghpvc/?username=CodesWhat-drydock\u0026label=repo+views\u0026style=flat\" alt=\"Repo views\"\u003e\n  \u003ca href=\"https://github.com/veggiemonk/awesome-docker#container-management\"\u003e\u003cimg src=\"https://awesome.re/mentioned-badge.svg\" alt=\"Mentioned in Awesome Docker\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/CodesWhat/drydock/actions/workflows/ci-verify.yml\"\u003e\u003cimg src=\"https://github.com/CodesWhat/drydock/actions/workflows/ci-verify.yml/badge.svg?branch=main\" alt=\"CI\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://www.bestpractices.dev/projects/11915\"\u003e\u003cimg src=\"https://www.bestpractices.dev/projects/11915/badge\" alt=\"OpenSSF Best Practices\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://securityscorecards.dev/viewer/?uri=github.com/CodesWhat/drydock\"\u003e\u003cimg src=\"https://img.shields.io/ossf-scorecard/github.com/CodesWhat/drydock?label=openssf+scorecard\u0026style=flat\" alt=\"OpenSSF Scorecard\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://app.codecov.io/gh/CodesWhat/drydock\"\u003e\u003cimg src=\"https://codecov.io/gh/CodesWhat/drydock/graph/badge.svg?token=b90d4863-46c5-40d2-bf00-f6e4a79c8656\" alt=\"Codecov\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://dashboard.stryker-mutator.io/reports/github.com/CodesWhat/drydock/main\"\u003e\u003cimg src=\"https://img.shields.io/endpoint?style=flat\u0026url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2FCodesWhat%2Fdrydock%2Fmain\" alt=\"Mutation testing\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://qlty.sh/gh/CodesWhat/projects/drydock\"\u003e\u003cimg src=\"https://qlty.sh/gh/CodesWhat/projects/drydock/maintainability.svg\" alt=\"Maintainability\"\u003e\u003c/a\u003e\n  \u003ca href=\"https://snyk.io/test/github/CodesWhat/drydock?targetFile=app/package.json\"\u003e\u003cimg src=\"https://snyk.io/test/github/CodesWhat/drydock/badge.svg?targetFile=app/package.json\" alt=\"Snyk\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\"\u003e📑 Contents\u003c/h2\u003e\n\n- [📖 Documentation](https://getdrydock.com/docs)\n- [🚀 Quick Start](#quick-start)\n- [🆕 Recent Updates](#recent-updates)\n- [📸 Screenshots \u0026 Live Demo](#screenshots)\n- [✨ Features](#features)\n- [🔌 Supported Integrations](#supported-integrations)\n- [⚖️ Feature Comparison](#feature-comparison)\n- [🔄 Migration](#migration)\n- [🗺️ Roadmap](#roadmap)\n- [⭐ Star History](#star-history)\n- [🔧 Built With](#built-with)\n- [🤝 Community QA](#community-qa)\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"quick-start\"\u003e🚀 Quick Start\u003c/h2\u003e\n\n**Recommended: use a socket proxy** to restrict which Docker API endpoints Drydock can access. This avoids giving the container full access to the Docker socket.\n\n```yaml\nservices:\n  drydock:\n    image: codeswhat/drydock\n    depends_on:\n      socket-proxy:\n        condition: service_healthy\n    environment:\n      - DD_WATCHER_LOCAL_HOST=socket-proxy\n      - DD_WATCHER_LOCAL_PORT=2375\n      - DD_AUTH_BASIC_ADMIN_USER=admin\n      - \"DD_AUTH_BASIC_ADMIN_HASH=\u003cpaste-argon2id-hash\u003e\"\n    ports:\n      - 3000:3000\n\n  socket-proxy:\n    image: tecnativa/docker-socket-proxy\n    volumes:\n      - /var/run/docker.sock:/var/run/docker.sock\n    environment:\n      - CONTAINERS=1\n      - IMAGES=1\n      - EVENTS=1\n      - SERVICES=1\n      # Add POST=1 and NETWORKS=1 for container actions and auto-updates\n    healthcheck:\n      test: wget --spider http://localhost:2375/version || exit 1\n      interval: 5s\n      timeout: 3s\n      retries: 3\n      start_period: 5s\n    restart: unless-stopped\n```\n\n\u003cdetails\u003e\n\u003csummary\u003eAlternative: quick start with direct socket mount\u003c/summary\u003e\n\n```bash\ndocker run -d \\\n  --name drydock \\\n  -p 3000:3000 \\\n  -v /var/run/docker.sock:/var/run/docker.sock \\\n  -e DD_AUTH_BASIC_ADMIN_USER=admin \\\n  -e \"DD_AUTH_BASIC_ADMIN_HASH=\u003cpaste-argon2id-hash\u003e\" \\\n  codeswhat/drydock:latest\n```\n\n\u003e **Warning:** Direct socket access grants the container full control over the Docker daemon. Use the socket proxy setup above for production deployments. See the [Docker Socket Security guide](https://getdrydock.com/docs/configuration/watchers#docker-socket-security) for all options including remote TLS and rootless Docker.\n\n\u003c/details\u003e\n\n\u003e Generate a password hash (`argon2` CLI — install via your package manager):\n\u003e\n\u003e ```bash\n\u003e echo -n \"yourpassword\" | argon2 $(openssl rand -base64 32) -id -m 16 -t 3 -p 4 -l 64 -e\n\u003e ```\n\u003e\n\u003e Or with Node.js 24+ (no extra packages needed):\n\u003e\n\u003e ```bash\n\u003e node -e 'const c=require(\"node:crypto\");const s=c.randomBytes(32);const h=c.argon2Sync(\"argon2id\",{message:process.argv[1],nonce:s,memory:65536,passes:3,parallelism:4,tagLength:64});console.log(\"argon2id$65536$3$4$\"+s.toString(\"base64\")+\"$\"+h.toString(\"base64\"));' \"yourpassword\"\n\u003e ```\n\u003e\n\u003e Legacy v1.3.9 Basic auth hashes (`{SHA}`, `$apr1$`/`$1$`, `crypt`, and plain) are accepted for upgrade compatibility but deprecated (removed in v1.6.0). Argon2id is recommended for all new configurations.\n\u003e Authentication is **required by default**. See the [auth docs](https://getdrydock.com/docs/configuration/authentications) for OIDC, anonymous access, and other options.\n\u003e To explicitly allow anonymous access on fresh installs, set `DD_ANONYMOUS_AUTH_CONFIRM=true`.\n\nThe image includes `trivy` and `cosign` binaries for local vulnerability scanning and image verification.\n\nSee the [Quick Start guide](https://getdrydock.com/docs/quickstart) for Docker Compose, socket security, reverse proxy, and alternative registries.\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"recent-updates\"\u003e🆕 Recent Updates\u003c/h2\u003e\n\n- **Real-time container log viewer** — WebSocket-based live log streaming with ANSI color rendering, JSON syntax highlighting, regex search, and gzip download.\n- **Dashboard customization** — Drag-to-reorder, resize, and per-widget visibility toggles with a dedicated edit mode.\n- **Digest notifications** — Batch update events with `MODE=digest` and configurable `DIGESTCRON`.\n- **Design system components** — `AppIconButton`, `AppBadge`, `StatusDot`, `DetailField`, `AppTabBar` with WCAG 2.5.8 touch targets.\n- **Floating tag detection** — `tagPrecision` classifier warns when mutable aliases like `v3` are used without digest watching.\n- **Podman compatibility** — API version negotiation prevents `EAI_AGAIN` crashes with Podman socket connections.\n- **Bearer token auth for `/metrics`** — `DD_SERVER_METRICS_TOKEN` for Prometheus scrapers without session auth.\n- **Toast notifications** — Success/error feedback for all container actions with auto-dismiss.\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"screenshots\"\u003e📸 Screenshots \u0026 Live Demo\u003c/h2\u003e\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\" align=\"center\"\u003e\u003cstrong\u003eLight\u003c/strong\u003e\u003c/td\u003e\n\u003ctd width=\"50%\" align=\"center\"\u003e\u003cstrong\u003eDark\u003c/strong\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd\u003e\u003cimg src=\"docs/assets/drydock-dashboard-light.png\" alt=\"Dashboard Light\"\u003e\u003c/td\u003e\n\u003ctd\u003e\u003cimg src=\"docs/assets/drydock-dashboard-dark.png\" alt=\"Dashboard Dark\"\u003e\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n**Why look at screenshots when you can experience it yourself?**\n\n\u003ca href=\"https://demo.getdrydock.com\"\u003e\u003cimg src=\"https://img.shields.io/badge/Try_the_Live_Demo-4f46e5?style=for-the-badge\u0026logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0IiBmaWxsPSJub25lIiBzdHJva2U9IndoaXRlIiBzdHJva2Utd2lkdGg9IjIiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIgc3Ryb2tlLWxpbmVqb2luPSJyb3VuZCI+PHBvbHlnb24gcG9pbnRzPSI2IDMgMjAgMTIgNiAyMSA2IDMiLz48L3N2Zz4=\u0026logoColor=white\" alt=\"Try the Live Demo\" height=\"36\"\u003e\u003c/a\u003e\n\nFully interactive — real UI, mock data, no install required. Runs entirely in-browser.\n\n\u003c/div\u003e\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"features\"\u003e✨ Features\u003c/h2\u003e\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eContainer Monitoring\u003c/h3\u003e\nAuto-detect running containers and check for image updates across registries\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003e20 Notification Triggers\u003c/h3\u003e\nSlack, Discord, Telegram, Teams, Matrix, SMTP, MQTT, HTTP webhooks, Gotify, NTFY, and more\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003e23 Registry Providers\u003c/h3\u003e\nDocker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\"\u003e\n\u003ch3\u003eDocker Compose Updates\u003c/h3\u003e\nAuto-pull and recreate services via Docker Engine API with YAML-preserving service-scoped image patching\n\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\n\u003ch3\u003eDistributed Agents\u003c/h3\u003e\nMonitor remote Docker hosts with SSE-based agent architecture\n\u003c/td\u003e\n\u003ctd align=\"center\"\u003e\n\u003ch3\u003eAudit Log\u003c/h3\u003e\nEvent-based audit trail with persistent storage, REST API, and Prometheus counter\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eOIDC Authentication\u003c/h3\u003e\nAuthelia, Auth0, Authentik — secure your dashboard with OpenID Connect\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003ePrometheus Metrics\u003c/h3\u003e\nBuilt-in /metrics endpoint with optional auth bypass for monitoring stacks\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eImage Backup \u0026 Rollback\u003c/h3\u003e\nAutomatic pre-update image backup with configurable retention and one-click rollback\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eContainer Actions\u003c/h3\u003e\nStart, stop, restart, and update containers from the UI or API with feature-flag control\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eWebhook API\u003c/h3\u003e\nToken-authenticated CI/CD endpoints for watch/update actions plus signed registry webhook ingestion for push events\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eContainer Grouping\u003c/h3\u003e\nSmart stack detection via compose project or labels with collapsible groups and batch-update\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eDigest Notifications\u003c/h3\u003e\nBatch update events over a schedule with trigger `MODE=digest` and configurable digest cron windows\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eSystem Log Streaming\u003c/h3\u003e\nReal-time WebSocket system log view in the UI with shared log viewer components\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eAdvanced List API\u003c/h3\u003e\nContainer list supports queryable sort/order, watched-kind, runtime status, watcher, and maturity filters\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eLifecycle Hooks\u003c/h3\u003e\nPre/post-update shell commands via container labels with configurable timeout and abort control\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eAuto Rollback\u003c/h3\u003e\nAutomatic rollback on health check failure with configurable monitoring window and interval\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eGraceful Self-Update\u003c/h3\u003e\nDVD-style animated overlay during drydock's own container update with auto-reconnect\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003ctr\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eIcon CDN\u003c/h3\u003e\nAuto-resolved container icons via selfhst/icons with homarr-labs fallback and bundled selfhst seeds for internetless startup\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eMobile Responsive\u003c/h3\u003e\nFully responsive dashboard with optimized mobile breakpoints for all views\n\u003c/td\u003e\n\u003ctd align=\"center\" width=\"33%\"\u003e\n\u003ch3\u003eMulti-Registry Publishing\u003c/h3\u003e\nAvailable on GHCR, Docker Hub, and Quay.io for flexible deployment\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"supported-integrations\"\u003e🔌 Supported Integrations\u003c/h2\u003e\n\n### 📦 Registries (23)\n\nDocker Hub · GHCR · ECR · ACR · GCR · GAR · GitLab · Quay · LSCR · Harbor · Artifactory · Nexus · Gitea · Forgejo · Codeberg · MAU · TrueForge · Custom · DOCR · DHI · IBM Cloud · Oracle Cloud · Alibaba Cloud\n\n### 🔔 Triggers (20)\n\nApprise · Command · Discord · Docker · Docker Compose · Google Chat · Gotify · HTTP · IFTTT · Kafka · Matrix · Mattermost · MQTT · MS Teams · NTFY · Pushover · Rocket.Chat · Slack · SMTP · Telegram\n\n### 🔐 Authentication\n\nAnonymous (opt-in via `DD_ANONYMOUS_AUTH_CONFIRM=true`) · Basic (username + password hash) · OIDC (Authelia, Auth0, Authentik). All auth flows fail closed by default.\n\nAPI note: `POST /api/v1/containers/:id/env/reveal` is currently scoped to authentication only (no per-container RBAC yet), so any authenticated user is treated as a trusted operator for secret reveal actions. The unversioned `/api/containers/:id/env/reveal` alias remains available during the API-version transition.\n\nOpenAPI note: machine-readable API docs are available at `GET /api/v1/openapi.json` (canonical) and `GET /api/openapi.json` (compatibility alias during transition).\n\nAPI versioning note: third-party integrations should migrate to `/api/v1/*`. The unversioned `/api/*` alias is deprecated and will be removed in v1.6.0.\n\n### 🥊 Update Bouncer\n\nTrivy-powered vulnerability scanning blocks unsafe updates before they deploy. Includes cosign signature verification and SBOM generation (CycloneDX \u0026 SPDX).\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"feature-comparison\"\u003e⚖️ Feature Comparison\u003c/h2\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eHow does drydock compare to other container update tools?\u003c/strong\u003e\u003c/summary\u003e\n\n\u003e ✅ = supported \u0026nbsp; ❌ = not supported \u0026nbsp; ⚠️ = partial / limited \u0026nbsp; For the full itemized changelog, see [CHANGELOG.md](CHANGELOG.md).\n\n\u003ctable\u003e\n\u003cthead\u003e\n\u003ctr\u003e\n\u003cth width=\"28%\"\u003eFeature\u003c/th\u003e\n\u003cth width=\"14%\" align=\"center\"\u003edrydock\u003c/th\u003e\n\u003cth width=\"14%\" align=\"center\"\u003eWUD\u003c/th\u003e\n\u003cth width=\"14%\" align=\"center\"\u003eDiun\u003c/th\u003e\n\u003cth width=\"16%\" align=\"center\"\u003eWatchtower\u0026nbsp;†\u003c/th\u003e\n\u003cth width=\"14%\" align=\"center\"\u003eOuroboros\u0026nbsp;†\u003c/th\u003e\n\u003c/tr\u003e\n\u003c/thead\u003e\n\u003ctbody\u003e\n\u003ctr\u003e\u003ctd\u003eWeb UI / Dashboard\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAuto-update containers\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eDocker Compose updates\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eNotification triggers\u003c/td\u003e\u003ctd align=\"center\"\u003e20\u003c/td\u003e\u003ctd align=\"center\"\u003e16\u003c/td\u003e\u003ctd align=\"center\"\u003e17\u003c/td\u003e\u003ctd align=\"center\"\u003e~19\u003c/td\u003e\u003ctd align=\"center\"\u003e~6\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eRegistry providers\u003c/td\u003e\u003ctd align=\"center\"\u003e23\u003c/td\u003e\u003ctd align=\"center\"\u003e13\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eOIDC / SSO authentication\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eREST API\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003ePrometheus metrics\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eMQTT / Home Assistant\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eImage backup \u0026 rollback\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eContainer grouping / stacks\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eLifecycle hooks (pre/post)\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eWebhook API for CI/CD\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eContainer start/stop/restart/update\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eDistributed agents (remote)\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e⚠️\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eAudit log\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSecurity scanning (Trivy)\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eSemver-aware updates\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eDigest watching\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eMulti-arch (amd64/arm64)\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eContainer log viewer\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003ctr\u003e\u003ctd\u003eActively maintained\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e✅\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003ctd align=\"center\"\u003e❌\u003c/td\u003e\u003c/tr\u003e\n\u003c/tbody\u003e\n\u003c/table\u003e\n\n\u003e Data based on publicly available documentation as of March 2026.\n\u003e Contributions welcome if any information is inaccurate.\n\n\u003c/details\u003e\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"migration\"\u003e🔄 Migration\u003c/h2\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eMigrating from WUD (What's Up Docker?)\u003c/strong\u003e\u003c/summary\u003e\n\nDrop-in replacement — swap the image, restart, done. All `WUD_*` env vars and `wud.*` labels are auto-mapped at startup. State file migrates automatically. Use `config migrate --dry-run` to preview, then `config migrate --file .env --file compose.yaml` to rewrite config to drydock naming.\n\n\u003c/details\u003e\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"roadmap\"\u003e🗺️ Roadmap\u003c/h2\u003e\n\n| Version | Theme | Highlights |\n| --- | --- | --- |\n| **v1.3.x** ✅ | Security \u0026 Stability | Trivy scanning, Update Bouncer, SBOM, 7 new registries, 4 new triggers, rollback fixes, GHCR auth, self-hosted TLS, re2js regex engine, compose trigger fixes, DB persistence on shutdown |\n| **v1.4.0** ✅ | UI Modernization \u0026 Hardening | Tailwind CSS 4 + custom component library, 6 themes, 7 icon libraries, font size preference, Cmd/K command palette, OpenAPI 3.1.0 endpoint, standardized API responses with pagination, compose-native YAML-preserving updates, rename-first rollback with health gates, self-update controller with SSE ack, fail-closed auth enforcement, OIDC redirect URL validation, tag-family semver, notification rules, container grouping by stack, audit history view, dual-slot security scanning, scheduled scans, WUD migration CLI, bundled offline icons, dashboard drag-reorder, gzip compression, API error sanitization, agent log validation, TLS path redaction, audit store indexing with 30-day retention, type-safe store modules, durable batch scans, recent-status API, advisory-only security scanning, compose trigger hardening (auto-detection, validation, reconciliation, digest pinning, batch mode, multi-file awareness), reactive server feature flags, identity-aware rate limiting, API hardening |\n| **v1.4.1** ✅ | Patch \u0026 Polish | Headless mode (API-only), maturity-based update policy (NEW/MATURE badges), `?groupByStack=true` URL param, agent handshake + SSE fix (#141), mangled hash detection + anonymous fallback + login error surfacing (#147), CSRF behind reverse proxies (#146), compose trigger affinity across remapped roots, CSP inline style elimination, connection-lost animation, LokiJS metadata stripping, timing side-channel fix, image hardening |\n| **v1.4.2** ✅ | Bug Fixes | Watcher container count fix (#155), container recreate alias filtering (#156), stale store data fix (#157), CI versioned-only images (#154), maturity badge sizing, dependency upgrades |\n| **v1.4.3** ✅ | DNS \u0026 Security | Configurable DNS result ordering for Alpine EAI_AGAIN fix (#161), Docker socket security guide, zizmor blocking in CI, scoped GitHub environments |\n| **v1.4.4** ✅ | UI Polish \u0026 Hardening | Alias dedup hardening with 30s transient window (#156), dashboard host-status for remote watchers (#155), tooltip viewport fix (#165), click-to-copy version tags (#164), Simple Icons dark mode inversion, theme switcher fix, search button polish, URL rebrand to getdrydock.com |\n| **v1.5.0** ✅ | Observability \u0026 User-Requested Features | Real-time WebSocket log viewer with ANSI colors + JSON syntax highlighting, dashboard customization (grid layout, drag, resize, widget visibility), container resource monitoring (CPU/memory stats + dashboard widget), diagnostic debug dump, registry webhook receiver, trigger env var aliases (`DD_ACTION_*`/`DD_NOTIFICATION_*`), digest notification mode, design system components (WCAG touch targets, shared primitives), floating tag detection + auto digest watching, bearer token auth for `/metrics`, Podman API version negotiation, toast notifications for all container actions, UI standardization (margins, text sizes, deprecation banners) |\n| **v1.5.1** | Scanner Decoupling | Backend-based scanner execution (docker/remote), Grype provider, scanner asset lifecycle |\n| **v1.6.0** | Notifications \u0026 Release Intel | Notification templates, release notes in notifications, notification preferences UI, cross-device preference sync, software version column, bidirectional MQTT for HA, remove all deprecated compatibility aliases (see [DEPRECATIONS.md](DEPRECATIONS.md)) |\n| **v1.7.0** | Smart Updates \u0026 UX | Dependency-aware ordering, clickable port links, image prune, static image monitoring, image maturity indicator, keyboard shortcuts, container uptime display, PWA support, debounced container discovery |\n| **v1.8.0** | Fleet Management \u0026 Live Config | YAML config, live UI config panels, volume browser, parallel updates, SQLite store migration + ID-based container identity, i18n framework + Crowdin integration |\n| **v2.0.0** | Platform Expansion | Docker Swarm, Kubernetes watchers and triggers, basic GitOps |\n| **v2.1.0** | Advanced Deployment Patterns | Health check gates, canary deployments, durable self-update controller |\n| **v2.2.0** | Container Operations | Web terminal, file browser, image building, basic Podman support |\n| **v2.3.0** | Automation \u0026 Developer Experience | API keys, passkey auth, TOTP 2FA, TypeScript actions, CLI |\n| **v2.4.0** | Data Safety \u0026 Templates | Scheduled backups (S3, SFTP), compose templates, secret management |\n| **v3.0.0** | Advanced Platform | Network topology, GPU monitoring, full i18n translations + RTL |\n| **v3.1.0** | Enterprise Access \u0026 Compliance | RBAC, LDAP/AD, environment-scoped permissions, audit logging, Wolfi hardened image |\n| **v3.2.0** | Drydock Socket Proxy | Built-in companion proxy container (allowlist-filtered Docker API), rootless Docker \u0026 remote TLS security docs |\n\n\u003chr\u003e\n\n\u003ch2 align=\"center\" id=\"documentation\"\u003e📖 Documentation\u003c/h2\u003e\n\n| Resource | Link |\n| --- | --- |\n| Website | [getdrydock.com](https://getdrydock.com/) |\n| Live Demo | [demo.getdrydock.com](https://demo.getdrydock.com) |\n| Docs | [getdrydock.com/docs](https://getdrydock.com/docs) |\n| Configuration | [Configuration](https://getdrydock.com/docs/configuration) |\n| Quick Start | [Quick Start](https://getdrydock.com/docs/quickstart) |\n| Changelog | [`CHANGELOG.md`](CHANGELOG.md) |\n| Deprecations | [`DEPRECATIONS.md`](DEPRECATIONS.md) |\n| Roadmap | See [Roadmap](#roadmap) section above |\n| Contributing | [`CONTRIBUTING.md`](CONTRIBUTING.md) |\n| Issues | [GitHub Issues](https://github.com/CodesWhat/drydock/issues) |\n| Discussions | [GitHub Discussions](https://github.com/CodesWhat/drydock/discussions) — feature requests \u0026 ideas welcome |\n\n\u003chr\u003e\n\n\u003ca id=\"star-history\"\u003e\u003c/a\u003e\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://star-history.com/#CodesWhat/drydock\u0026Date\"\u003e\n    \u003cimg alt=\"Star History Chart\" src=\"https://api.star-history.com/svg?repos=CodesWhat/drydock\u0026type=Date\" /\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n[![SemVer](https://img.shields.io/badge/semver-2.0.0-blue)](https://semver.org/)\n[![Conventional Commits](https://img.shields.io/badge/commits-conventional-fe5196?logo=conventionalcommits\u0026logoColor=fff)](https://www.conventionalcommits.org/)\n[![Keep a Changelog](https://img.shields.io/badge/changelog-Keep%20a%20Changelog-E05735)](https://keepachangelog.com/)\n\n### Built With\n\n[![TypeScript](https://img.shields.io/badge/TypeScript_5.9-3178C6?logo=typescript\u0026logoColor=fff)](https://www.typescriptlang.org/)\n[![Vue 3](https://img.shields.io/badge/Vue_3-42b883?logo=vuedotjs\u0026logoColor=fff)](https://vuejs.org/)\n[![Express 5](https://img.shields.io/badge/Express_5-000?logo=express\u0026logoColor=fff)](https://expressjs.com/)\n[![Vitest](https://img.shields.io/badge/Vitest_4-6E9F18?logo=vitest\u0026logoColor=fff)](https://vitest.dev/)\n[![Biome](https://img.shields.io/badge/Biome_2.4-60a5fa?logo=biome\u0026logoColor=fff)](https://biomejs.dev/)\n[![Node 24](https://img.shields.io/badge/Node_24_Alpine-339933?logo=nodedotjs\u0026logoColor=fff)](https://nodejs.org/)\n[![Docker](https://img.shields.io/badge/Docker-2496ED?logo=docker\u0026logoColor=fff)](https://www.docker.com/)\n[![Anthropic](https://img.shields.io/badge/Anthropic-000000?style=flat\u0026logo=anthropic\u0026logoColor=white)](https://claude.ai/)\n\n### Community QA\n\nThanks to the users who helped test v1.4.0 and v1.5.0 release candidates and reported bugs:\n\n[@RK62](https://github.com/RK62) \u0026middot; [@flederohr](https://github.com/flederohr) \u0026middot; [@rj10rd](https://github.com/rj10rd) \u0026middot; [@larueli](https://github.com/larueli) \u0026middot; [@Waler](https://github.com/Waler) \u0026middot; [@ElVit](https://github.com/ElVit) \u0026middot; [@nchieffo](https://github.com/nchieffo) \u0026middot; [@begunfx](https://github.com/begunfx) \u0026middot; [@Ra72xx](https://github.com/Ra72xx)\n\n---\n\n**[AGPL-3.0 License](LICENSE)**\n\n\u003ca href=\"https://github.com/CodesWhat\"\u003e\u003cimg src=\"docs/assets/codeswhat-logo-original.svg\" alt=\"CodesWhat\" height=\"28\"\u003e\u003c/a\u003e\n\n[![Ko-fi](https://img.shields.io/badge/Ko--fi-Support-ff5e5b?logo=kofi\u0026logoColor=white)](https://ko-fi.com/codeswhat)\n[![Buy Me a Coffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?logo=buymeacoffee\u0026logoColor=black)](https://buymeacoffee.com/codeswhat)\n[![Sponsor](https://img.shields.io/badge/Sponsor-ea4aaa?logo=githubsponsors\u0026logoColor=white)](https://github.com/sponsors/CodesWhat)\n\n\u003ca href=\"#drydock\"\u003eBack to top\u003c/a\u003e\n\n\u003c/div\u003e\n","funding_links":["https://github.com/sponsors/CodesWhat","https://ko-fi.com/codeswhat","https://buymeacoffee.com/codeswhat"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeswhat%2Fdrydock","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodeswhat%2Fdrydock","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodeswhat%2Fdrydock/lists"}