- 📖 Documentation
- 🚀 Quick Start
- 📸 Screenshots
- ✨ Features
- 🔌 Supported Integrations
- ⚖️ Feature Comparison
- 🔄 Migration
- 🗺️ Roadmap
- 📖 Documentation
- ⭐ Star History
- 🔧 Built With
docker run -d \
--name drydock \
-p 3000:3000 \
-v /var/run/docker.sock:/var/run/docker.sock \
codeswhat/drydock:latestThe image includes trivy and cosign binaries for local vulnerability scanning and image verification.
See the Quick Start guide for Docker Compose, socket security, reverse proxy, and alternative registries.
Dashboard
| Light | Dark |
 |
 |
Containers
| Light | Dark |
 |
 |
Container Detail
| Light | Dark |
 |
 |
Security
| Light | Dark |
 |
 |
Login
| Light | Dark |
 |
 |
Mobile Responsive
| Dashboard Light | Dashboard Dark | Containers Light | Containers Dark |
 |
 |
 |
 |
| Auto-detect running containers and check for image updates across registries | Slack, Discord, Telegram, Teams, Matrix, SMTP, MQTT, HTTP webhooks, Gotify, NTFY, and more | Docker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more |
| Auto-pull and recreate services via docker-compose with service-scoped compose image patching | Monitor remote Docker hosts with SSE-based agent architecture | Event-based audit trail with persistent storage, REST API, and Prometheus counter |
| Authelia, Auth0, Authentik — secure your dashboard with OpenID Connect | Built-in /metrics endpoint with optional auth bypass for monitoring stacks | Automatic pre-update image backup with configurable retention and one-click rollback |
| Start, stop, restart, and update containers from the UI or API with feature-flag control | Token-authenticated HTTP endpoints for CI/CD integration to trigger watch cycles and updates | Smart stack detection via compose project or labels with collapsible groups and batch-update |
| Pre/post-update shell commands via container labels with configurable timeout and abort control | Automatic rollback on health check failure with configurable monitoring window and interval | DVD-style animated overlay during drydock's own container update with auto-reconnect |
| Auto-resolved container icons via selfhst/icons with homarr-labs fallback and bundled selfhst seeds for internetless startup | Fully responsive dashboard with optimized mobile breakpoints for all views | Available on GHCR, Docker Hub, and Quay.io for flexible deployment |
Docker Hub · GHCR · ECR · ACR · GCR · GAR · GitLab · Quay · LSCR · Harbor · Artifactory · Nexus · Gitea · Forgejo · Codeberg · MAU · TrueForge · Custom · DOCR · DHI · IBM Cloud · Oracle Cloud · Alibaba Cloud
Apprise · Command · Discord · Docker · Docker Compose · Google Chat · Gotify · HTTP · IFTTT · Kafka · Matrix · Mattermost · MQTT · MS Teams · NTFY · Pushover · Rocket.Chat · Slack · SMTP · Telegram
Anonymous (default) · Basic (username + password hash) · OIDC (Authelia, Auth0, Authentik). All auth flows fail closed by default.
API note: POST /api/containers/:id/env/reveal is currently scoped to authentication only (no per-container RBAC yet), so any authenticated user is treated as a trusted operator for secret reveal actions.
Trivy-powered vulnerability scanning blocks unsafe updates before they deploy. Includes cosign signature verification and SBOM generation (CycloneDX & SPDX).
How does drydock compare to other container update tools?
✅ = supported ❌ = not supported
⚠️ = partial / limited For the full itemized changelog, see CHANGELOG.md.
| Feature | drydock | WUD | Diun | Watchtower † | Ouroboros † |
|---|---|---|---|---|---|
| Web UI / Dashboard | ✅ | ✅ | ❌ | ❌ | ❌ |
| Auto-update containers | ✅ | ✅ | ❌ | ✅ | ✅ |
| Docker Compose updates | ✅ | ✅ | ❌ | ❌ | |
| Notification triggers | 20 | 16 | 17 | ~19 | ~6 |
| Registry providers | 23 | 13 | |||
| OIDC / SSO authentication | ✅ | ✅ | ❌ | ❌ | ❌ |
| REST API | ✅ | ✅ | ❌ | ||
| Prometheus metrics | ✅ | ✅ | ❌ | ✅ | ✅ |
| MQTT / Home Assistant | ✅ | ✅ | ✅ | ❌ | ❌ |
| Image backup & rollback | ✅ | ❌ | ❌ | ❌ | ❌ |
| Container grouping / stacks | ✅ | ✅ | ❌ | ❌ | |
| Lifecycle hooks (pre/post) | ✅ | ❌ | ❌ | ✅ | ❌ |
| Webhook API for CI/CD | ✅ | ❌ | ❌ | ✅ | ❌ |
| Container start/stop/restart/update | ✅ | ❌ | ❌ | ❌ | ❌ |
| Distributed agents (remote) | ✅ | ❌ | ✅ | ❌ | |
| Audit log | ✅ | ❌ | ❌ | ❌ | ❌ |
| Security scanning (Trivy) | ✅ | ❌ | ❌ | ❌ | ❌ |
| Semver-aware updates | ✅ | ✅ | ✅ | ❌ | ❌ |
| Digest watching | ✅ | ✅ | ✅ | ✅ | ✅ |
| Multi-arch (amd64/arm64) | ✅ | ✅ | ✅ | ✅ | ✅ |
| Actively maintained | ✅ | ✅ | ✅ | ❌ | ❌ |
Data based on publicly available documentation as of February 2026. Contributions welcome if any information is inaccurate.
Migrating from WUD (What's Up Docker?)
Drop-in replacement — swap the image, restart, done. All WUD_* env vars and wud.* labels are auto-mapped at startup. State file migrates automatically. Use config migrate --dry-run to preview, then config migrate --file .env --file compose.yaml to rewrite config to drydock naming.
Here's what's coming. WUD WUD_* env vars and wud.* labels remain fully supported at runtime — see 🔄 Migration for details.
| Version | Theme | Highlights |
|---|---|---|
| v1.3.x ✅ | Security & Stability | Trivy scanning, Update Bouncer, SBOM, 7 new registries, 4 new triggers, rollback fixes, GHCR auth, self-hosted TLS, re2js regex engine, compose trigger fixes, DB persistence on shutdown |
| v1.4.0 ✅ | UI Modernization & Hardening | Tailwind CSS 4 + custom component library, 4 themes, 7 icon libraries, Cmd/K command palette, compose-native YAML-preserving updates, rename-first rollback with health gates, self-update controller with SSE ack, fail-closed auth enforcement, tag-family semver, notification rules, container grouping by stack, audit history view, dual-slot security scanning, scheduled scans, WUD migration CLI, bundled offline icons, dashboard drag-reorder, gzip compression, API error sanitization, agent log validation, TLS path redaction, audit store indexing with 30-day retention, type-safe store modules, durable batch scans, recent-status API |
| v1.5.0 | Observability | Real-time log viewer, container resource monitoring, registry webhooks |
| v1.5.1 | Scanner Decoupling | Backend-based scanner execution (docker/remote), Grype provider, scanner asset lifecycle |
| v1.6.0 | Notifications & Release Intel | Notification templates, release notes in notifications, MS Teams & Matrix triggers |
| v1.7.0 | Smart Updates & UX | Dependency-aware ordering, clickable port links, image prune, static image monitoring, dashboard customization |
| v1.8.0 | Fleet Management & Live Config | YAML config, live UI config panels, volume browser, parallel updates, SQLite store migration, i18n framework |
| v2.0.0 | Platform Expansion | Docker Swarm, Kubernetes watchers and triggers, basic GitOps |
| v2.1.0 | Advanced Deployment Patterns | Health check gates, canary deployments, durable self-update controller |
| v2.2.0 | Container Operations | Web terminal, file browser, image building, basic Podman support |
| v2.3.0 | Automation & Developer Experience | API keys, passkey auth, TOTP 2FA, OpenAPI docs, TypeScript actions, CLI |
| v2.4.0 | Data Safety & Templates | Scheduled backups (S3, SFTP), compose templates, secret management |
| v3.0.0 | Advanced Platform | Network topology, GPU monitoring, full i18n translations |
| v3.1.0 | Enterprise Access & Compliance | RBAC, LDAP/AD, environment-scoped permissions, audit logging, Wolfi hardened image |
| Resource | Link |
|---|---|
| Website | drydock.codeswhat.com |
| Docs | drydock.codeswhat.com/docs |
| Configuration | Configuration |
| Quick Start | Quick Start |
| Changelog | CHANGELOG.md |
| Roadmap | See Roadmap section above |
| Contributing | CONTRIBUTING.md |
| Issues | GitHub Issues |
| Discussions | GitHub Discussions — feature requests & ideas welcome |
