{"id":49104851,"url":"https://github.com/rifuki/dokuru","last_synced_at":"2026-06-28T09:00:52.164Z","repository":{"id":351102177,"uuid":"1209567020","full_name":"rifuki/dokuru","owner":"rifuki","description":"Agent-based Docker security audit platform with CIS Benchmark v1.8.0 compliance. Real-time WebSocket monitoring, automated vulnerability scanning, and interactive remediation","archived":false,"fork":false,"pushed_at":"2026-05-31T19:38:51.000Z","size":8617,"stargazers_count":9,"open_issues_count":0,"forks_count":4,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T21:21:02.578Z","etag":null,"topics":["audit","cis-benchmark","compliance","container","container-security","docker","security"],"latest_commit_sha":null,"homepage":"https://dokuru.rifuki.dev","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rifuki.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-13T14:57:12.000Z","updated_at":"2026-05-31T19:38:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rifuki/dokuru","commit_stats":null,"previous_names":["rifuki/dokuru"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/rifuki/dokuru","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rifuki%2Fdokuru","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rifuki%2Fdokuru/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rifuki%2Fdokuru/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rifuki%2Fdokuru/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rifuki","download_url":"https://codeload.github.com/rifuki/dokuru/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rifuki%2Fdokuru/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34882751,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-28T02:00:05.809Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audit","cis-benchmark","compliance","container","container-security","docker","security"],"created_at":"2026-04-21T01:06:53.870Z","updated_at":"2026-06-28T09:00:52.158Z","avatar_url":"https://github.com/rifuki.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dokuru\n\n**Agent-based Docker security audit and hardening platform.**\n\n[![CI](https://github.com/rifuki/dokuru/actions/workflows/ci.yaml/badge.svg)](https://github.com/rifuki/dokuru/actions/workflows/ci.yaml)\n\nDokuru audits Docker hosts against a pragmatic, CIS Docker Benchmark v1.8.0 aligned rule set, shows rule-level evidence, and applies supported hardening changes through a controlled preview, stream, history, and rollback workflow.\n\nThe project is designed for real Docker hosts, not only static reporting:\n\n- Audit host configuration, Docker daemon settings, daemon file permissions, image/runtime posture, namespaces, and cgroups.\n- Manage one or more Docker hosts from a hosted dashboard or the agent's embedded local dashboard.\n- Connect agents by direct URL, Cloudflare Tunnel, or outbound relay WebSocket for hosts behind NAT.\n- Preview fixes before mutation, stream each remediation step, and retain rollback metadata where the fix path can capture it.\n- Keep all Docker socket access inside `dokuru-agent`; the server never needs the host Docker socket.\n\n\u003e Dokuru can change Docker daemon configuration, audit rules, Compose files, Dockerfiles, container runtime settings, and cgroup limits. Run it only on infrastructure you control, test fixes in staging first, and treat every agent token as a secret.\n\n## Preview\n\n\u003cp\u003e\n  \u003cimg src=\"docs/screenshots/01-agents-empty-state.png\" alt=\"Dashboard after login with no agents connected\" width=\"100%\" /\u003e\n\u003c/p\u003e\n\n\u003cp\u003e\n  \u003cimg src=\"docs/screenshots/05-audit-running.png\" alt=\"Live security audit scan\" width=\"49%\" /\u003e\n  \u003cimg src=\"docs/screenshots/06-audit-result.png\" alt=\"Baseline audit result with score and available fixes\" width=\"49%\" /\u003e\n\u003c/p\u003e\n\n\u003cp\u003e\n  \u003cimg src=\"docs/screenshots/11-fix-applying.png\" alt=\"Applying selected fixes with evidence stream\" width=\"49%\" /\u003e\n  \u003cimg src=\"docs/screenshots/07-audit-fix-forecast.png\" alt=\"Audit and fix forecast result after remediation\" width=\"49%\" /\u003e\n\u003c/p\u003e\n\nSee the [screenshot gallery](docs/screenshots.md) for the full visual walkthrough.\n\n## Install\n\nDokuru can be used in two operating modes:\n\n| Mode | Server required | Best for | Access path |\n| --- | --- | --- | --- |\n| Hosted | Yes | Teams, multiple hosts, stored audit history, admin views | Browser to `dokuru-www`, then server to agent by relay or direct URL. |\n| Direct | No | Single host, local/private operation, quick inspection | Browser directly to the agent dashboard on port `3939`. |\n\nInstall the agent on a Docker host:\n\n```bash\ncurl -fsSL https://dokuru.rifuki.dev/install | bash\n```\n\nThe onboarding wizard installs the `dokuru` binary, creates `/etc/dokuru/config.toml`, generates a `dok_...` agent token, starts the systemd service, and prints the agent URL/token needed by the dashboard.\n\nFor the complete setup guide, see [docs/installation.md](docs/installation.md).\n\n## Documentation\n\n| Topic | Link |\n| --- | --- |\n| Installation and quick start | [docs/installation.md](docs/installation.md) |\n| Architecture and connection modes | [docs/architecture.md](docs/architecture.md) |\n| Audit and remediation flow | [docs/audit-remediation.md](docs/audit-remediation.md) |\n| Configuration | [docs/configuration.md](docs/configuration.md) |\n| API surface | [docs/api.md](docs/api.md) |\n| Security best practices | [docs/security.md](docs/security.md) |\n| Development and releases | [docs/development.md](docs/development.md) |\n| Product scope | [docs/product-scope.md](docs/product-scope.md) |\n| Screenshot gallery | [docs/screenshots.md](docs/screenshots.md) |\n\n## Repository Map\n\n| Component | Path | Role |\n| --- | --- | --- |\n| Agent | `dokuru-agent/` | Rust CLI and daemon installed on Docker hosts. Owns Docker socket access, audits, fix execution, local API, embedded dashboard, host shell, and relay client. |\n| Server | `dokuru-server/` | Rust/Axum control plane. Owns users, JWT sessions, PostgreSQL persistence, Redis token blacklist, stored audit history, notifications, admin APIs, and agent relay. |\n| Web Dashboard | `dokuru-www/` | React/TanStack dashboard. Owns agent onboarding UI, Docker resource pages, audit reports, FixWizard, realtime streams, settings, and admin views. |\n| Landing Site | `dokuru-landing/` | Leptos/Trunk public site for the hosted product and installer handoff. |\n| Deploy CLI | `dokuru-deploy/` | Rust helper for production Compose deployment, migration, health checks, config repair, and release updates. |\n| Shared Core | `dokuru-core/` | Shared audit report DTOs and scoring helpers used by server-side report views. |\n\n## License\n\nDokuru is licensed under the Apache License 2.0. See [LICENSE](LICENSE) for the full terms.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frifuki%2Fdokuru","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frifuki%2Fdokuru","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frifuki%2Fdokuru/lists"}