Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/alexgustafsson/cupdate

A service to keep container images up-to-date. Made for Kubernetes and Docker.
https://github.com/alexgustafsson/cupdate

docker k8s kubernetes self-hosted update

Last synced: 4 months ago
JSON representation

A service to keep container images up-to-date. Made for Kubernetes and Docker.

Awesome Lists containing this project

README 

        


  Logo




# Cupdate



Cupdate is a zero-config service that helps you keep your container images

up-to-date. It automatically identifies container images in use in your

Kubernetes cluster or on your Docker host. Cupdate then identifies the latest

available version and makes this data and more available to you via a UI, API or

through an RSS feed.



Cupdate is for those who like the process of keeping their services up-to-date,

looking through what's outdated and what features new updates bring. Cupdate

will not help you deploy the updates. If you deploy your services using things

like [flux](https://github.com/fluxcd/flux2), then there are great services that

will modify your manifests for you, such as Dependabot or

[Renovate](https://github.com/renovatebot/renovate). Cupdate is not about that,

nor will it ever be. That's not to say that Cupdate won't integrate well with

such services. Cupdate can still act as a dashboard of your deployed services,

visualizing their graphs and versions. Cupdate's APIs can also be used to write

such services/scripts with ease. There are example scripts for Kubernetes and

Docker in the [cookbook](docs/cookbook/README.md).



Features:



- Supports Kubernetes and Docker (one or more hosts, local or remote)

- Zero configuration required

- Performant and lightweight - uses virtually zero CPU and roughly 14MiB RAM

- Auto-detect container images in Kubernetes and Docker

- Auto-detect the latest available container image versions

- UI for discovering updates

- Subscribe to updates via an RSS feed

- Graphs image versions' dependants explaining why they're in use

- Vulnerability scanning via Docker Scout, Quay and the

  GitHub Advisory Database through [vulndb](#vulndb)

- APIs for custom integrations



Supported registries:



- docker.io

- ghcr.io

- quay.io

- lscr.io

- registry.k8s.io

- k8s.gcr.io, gke.gcr.io, gcr.io

- registry.gitlab.com

- ... other OCI-compliant registries (Zot, Harbor, Gitea)



Supported data sources:



- Docker Hub, Docker Scout

- GitHub, GitHub Container Registry

- GitLab

- Quay

- OpenSSF Scorecard reports



## Getting started



Cupdate can be deployed using Kubernetes or Docker. It's designed to run well

with minimal required configuration. Refer to the platform-specific

documentation for more information on how to get started with Cupdate:



- Running Cupdate using Kubernetes:

  [docs/kubernetes/README.md](docs/kubernetes/README.md)

- Running Cupdate using Docker:

  [docs/docker/README.md](docs/docker/README.md)



Cupdate can expose metrics and traces. For more information on how to use them,

see [docs/observability/README.md](docs/observability/README.md).



If you want to deploy Cupdate as a container through other means, chose the

latest [released version](https://github.com/AlexGustafsson/cupdate/releases)

and refer to the general config documentation in

[docs/config.md](docs/config.md). The `latest` tag tracks the main branch and is

therefore not recommended to use unless you want to try out the latest features.



Although not recommended or intended, Cupdate can be run directly on host. In

that case, please build Cupdate and run it using the instructions in

[CONTRIBUTING.md](CONTRIBUTING.md).



## Screenshots



| Light mode                                                                                            | Dark mode                                                                                           |

| ----------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |

| ![Dashboard screenshot in light mode](./docs/screenshots/dashboard-light.png)                         | ![Dashboard screenshot in dark mode](./docs/screenshots/dashboard-dark.png)                         |

| ![Dashboard screenshot on small screen in light mode](./docs/screenshots/dashboard-small-light.png)   | ![Dashboard screenshot on small screen in dark mode](./docs/screenshots/dashboard-small-dark.png)   |

| ![Image page screenshot in light mode](./docs/screenshots/image-page-light.png)                       | ![Image page screenshot in dark mode](./docs/screenshots/image-page-dark.png)                       |

| ![Image page release screenshot page in light mode](./docs/screenshots/image-page-release-light.png)  | ![Image page release screenshot in dark mode](./docs/screenshots/image-page-release-dark.png)       |

| ![Image page graph screenshot page in light mode](./docs/screenshots/image-page-graph-light.png)      | ![Image page graph screenshot in dark mode](./docs/screenshots/image-page-graph-dark.png)           |

| ![Vulnerable image page screenshot in light mode](./docs/screenshots/image-page-vulnerable-light.png) | ![Vulnerable image page screenshot in dark mode](./docs/screenshots/image-page-vulnerable-dark.png) |



## Vulndb



Vulndb is a tiny sqlite file that contains information useful to statically look

up known vulnerabilities in container images based on their source repositories.

For now it uses GitHub's advisory database.



For more information see [tools/vulndb/README.md](tools/vulndb/README.md).



The database is updated daily and published as an OCI artifact used by Cupdate.

The artifact is available here:

.



For more advanced scanning requirements, use something like

[Trivy](https://github.com/aquasecurity/trivy) or

[Grype](https://github.com/anchore/grype).