Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/alexgustafsson/cupdate

A service to keep container images up-to-date. Made for Kubernetes and Docker.
https://github.com/alexgustafsson/cupdate

docker k8s kubernetes self-hosted update

Last synced: 1 day ago
JSON representation

A service to keep container images up-to-date. Made for Kubernetes and Docker.

Host: GitHub
URL: https://github.com/alexgustafsson/cupdate
Owner: AlexGustafsson
License: mit
Created: 2024-09-09T15:01:23.000Z (4 months ago)
Default Branch: main
Last Pushed: 2025-01-02T12:57:26.000Z (18 days ago)
Last Synced: 2025-01-02T13:34:14.862Z (18 days ago)
Topics: docker, k8s, kubernetes, self-hosted, update
Language: Go
Homepage:
Size: 8.87 MB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 5
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md

Awesome Lists containing this project

README

# Cupdate

Cupdate is a zero-config service that helps you keep your container images
up-to-date. It automatically identifies container images in use in your
Kubernetes cluster or on your Docker host. Cupdate then identifies the latest
available version and makes this data and more available to you via a UI, API or
through an RSS feed.

Cupdate is for those who like the process of keeping their services up-to-date,
looking through what's outdated and what features new updates bring. Cupdate
will not help you deploy the updates. If you deploy your services using things
like [flux](https://github.com/fluxcd/flux2), then there are great services that
will modify your manifests for you, such as Dependabot or
[Renovate](https://github.com/renovatebot/renovate). Cupdate is not about that,
nor will it ever be. That's not to say that Cupdate won't integrate well with
such services. Cupdate can still act as a dashboard of your deployed services,
visualizing their graphs and versions. Cupdate's APIs can also be used to write
such services/scripts with ease. There are example scripts for Kubernetes and
Docker in the [cookbook](docs/cookbook/README.md).

Features:

- Supports Kubernetes and Docker (one or more hosts, local or remote)
- Zero configuration required
- Performant and lightweight - uses virtually zero CPU and roughly 14MiB RAM
- Auto-detect container images in Kubernetes and Docker
- Auto-detect the latest available container image versions
- UI for discovering updates
- Subscribe to updates via an RSS feed
- Graphs image versions' dependants explaining why they're in use
- Vulnerability scanning via Docker Scout, Quay and the
GitHub Advisory Database through [vulndb](#vulndb)
- APIs for custom integrations

Supported registries:

- docker.io
- ghcr.io
- quay.io
- lscr.io
- registry.k8s.io
- k8s.gcr.io, gke.gcr.io, gcr.io
- registry.gitlab.com

Supported data sources:

- Docker Hub, Docker Scout
- GitHub, GitHub Container Registry
- GitLab
- Quay

## Getting started

Cupdate can be deployed using Kubernetes or Docker. It's designed to run well
with minimal required configuration. Please refer to the platform-specific
documentation for more information on how to get started with Cupdate:

- Running Cupdate using Kubernetes:
[docs/kubernetes/README.md](docs/kubernetes/README.md)
- Running Cupdate using Docker:
[docs/docker/README.md](docs/docker/README.md)

Cupdate can expose metrics and traces. For more information on how to use them,
see [docs/observability/README.md](docs/observability/README.md).

Although not recommended or intended, Cupdate can be run directly on host. In
that case, please build Cupdate and run it using the instructions in
[CONTRIBUTING.md](CONTRIBUTING.md).

## Screenshots

| Light mode | Dark mode |
| ----------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- |
| ![Dashboard screenshot in light mode](./docs/screenshots/dashboard-light.png) | ![Dashboard screenshot in dark mode](./docs/screenshots/dashboard-dark.png) |
| ![Dashboard screenshot on small screen in light mode](./docs/screenshots/dashboard-small-light.png) | ![Dashboard screenshot on small screen in dark mode](./docs/screenshots/dashboard-small-dark.png) |
| ![Image page screenshot in light mode](./docs/screenshots/image-page-light.png) | ![Image page screenshot in dark mode](./docs/screenshots/image-page-dark.png) |
| ![Image page release screenshot page in light mode](./docs/screenshots/image-page-release-light.png) | ![Image page release screenshot in dark mode](./docs/screenshots/image-page-release-dark.png) |
| ![Image page graph screenshot page in light mode](./docs/screenshots/image-page-graph-light.png) | ![Image page graph screenshot in dark mode](./docs/screenshots/image-page-graph-dark.png) |
| ![Vulnerable image page screenshot in light mode](./docs/screenshots/image-page-vulnerable-light.png) | ![Vulnerable image page screenshot in dark mode](./docs/screenshots/image-page-vulnerable-dark.png) |

## Vulndb

Vulndb is a tiny sqlite file that contains information useful to statically look
up known vulnerabilities in container images based on their source repositories.
For now it uses GitHub's advisory database.

For more information see [tools/vulndb/README.md](tools/vulndb/README.md).

The database is updated daily and published as an OCI artifact used by Cupdate.
The artifact is available here:
.

For more advanced scanning requirements, use something like
[Trivy](https://github.com/aquasecurity/trivy) or
[Grype](https://github.com/anchore/grype).