docker
Doco-CD stands for Docker Compose Continuous Deployment and is a lightweight GitOps tool that automatically deploys and updates Docker Compose projects and Swarm stacks via webhooks or polling when a change is pushed to a Git repository.
Docker Volume Backups With Safer Restores
VolumeVault is a self-hosted Laravel application for managing Docker volume backups and safe restores to storage backends supported by offen/docker-volume-backup.
Self-hosted dev sandboxes with preview URLs. One command. No Kubernetes, perfect for coding agents and Saas factories.
The open-source engine for AI app-builder products. Give every user an isolated cloud dev environment, a built-in coding agent, and a live preview URL — self-hosted, on one machine, in one command.
Orchestrate sandboxed coding agents in TypeScript with sandcastle.run().
A TypeScript library for orchestrating AI coding agents in isolated sandboxes.
Containerized Learning Environment Ansible-HandsOn is a lightweight local lab environment designed for learning, testing, and mastering Ansible infrastructure automation.
Instead of relying on resource-heavy Virtual Machines (VMs), this project leverages Docker containers to simulate a real-world network infrastructure in seconds.
Docker monitoring that fits in an SSH connection.
One binary, barely any memory. Metrics, logs, and alerts across all your hosts. Runs 24/7 on the server, notifies you when things break, whether you're connected or not.
Sysbox is an open-source, next-generation runc that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
Related contents:
AI-Powered Docker Security Analyzer.
AI-powered Docker security scanner that explains vulnerabilities in plain English
Build Docker Compose Without the Hassle.
Build, validate, and ship Docker stacks.
Dock-Dploy is a to the point, visual surface for Docker Compose, Pangolin BluePrints, Configs, and Schedulers. Friendly enough for first-timers, fast enough for homelab operators, honest enough for production.
Project Hummingbird builds a collection of minimal, hardened, and secure container images with a significantly reduced attack surface. This strong focus on security combined with a highly automated update workflow aims to minimize CVE counts, targeting near-zero vulnerabilities. All images support amd64 and arm64 architectures.
Related contents:
AI-Powered Docker Security Analyzer. AI-powered Docker security scanner that explains vulnerabilities in plain English.
DockSec is an OWASP Incubator Project that combines traditional Docker security scanners (Trivy, Hadolint, Docker Scout) with AI to provide context-aware security analysis.
Related contents:
Open Source Container Runtime Software.
Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs.
Related contents:
The Container Security Platform. Application Kernel for Containers.
gVisor provides a strong layer of isolation between running applications and the host operating system. It is an application kernel that implements a Linux-like interface. Unlike Linux, it is written in a memory-safe language (Go) and runs in userspace.
gVisor includes an Open Container Initiative (OCI) runtime called runsc that makes it easy to work with existing container tooling. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers.
Generate gethomepage.dev configs from running Docker containers.
Tired of manually writing homepage configs every time you spin up a new container? homepagectl fixes that.
Queries your Docker socket, matches containers against homepage known services, auto-detects ports, and writes services.yaml, settings.yaml, and .env — no manual YAML editing required.
Lightweight Docker monitoring dashboard with anomaly detection & Telegram alerts. One-liner install, zero config.
Visual Docker Compose Builder — drag-and-drop your docker-compose.yml in the browser.
layerleak the Docker Hub Secret Scanner.
Traditional secret scanners often treat a container image as a flat blob or depend on a local Docker daemon. This project is designed around OCI image internals
Hundreds of models & providers. One command to find what runs on your hardware.
A terminal tool that right-sizes LLM models to your system's RAM, CPU, and GPU. Detects your hardware, scores each model across quality, speed, fit, and context dimensions, and tells you which ones will actually run well on your machine.
Ships with an interactive TUI (default) and a classic CLI mode. Supports multi-GPU setups, MoE architectures, dynamic quantization selection, speed estimation, and local runtime providers (Ollama, llama.cpp, MLX, Docker Model Runner, LM Studio).
Related contents:
CLI tool for inspecting and managing services listening on localhost ports.
I got tired of running lsof -iTCP -sTCP:LISTEN | grep ... every time a port was already taken, then spending another minute figuring out if it was a Docker container or some orphaned dev server from another worktree. So I built sonar.
It shows everything listening on localhost, with Docker container names, Compose projects, resource usage, and clickable URLs. You can kill processes, tail logs, shell into containers, and more — all by port number.
Easy self-hosting for Docker-based web apps.
ONCE is a platform for installing and managing Docker-based web applications. Its goal is to make self-hosting applications as simple as possible.
As well as simplifying the initial setup, ONCE also provides automatic updates, backups, and system information. It has a TUI interface with a dashboard for monitoring and operating your applications, as well as CLI commands for common operations should you (or your AI agent) prefer that.
ONCE runs on Linux and macOS, and can be used to run applications on a variety of hardware: a physical server, a cloud VPS, a Raspberry Pi, or your laptop, are all suitable.
ONCE comes with a set of 37signals apps built-in, but you can use it to install any compatible Docker image as well.
Universal Sandbox Infrastructure for AI Applications.
Securely run commands, filesystems, code interpreters, browsers, and developer tools in isolated runtime environments.
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.
An updated sample database for PostgreSQL, building off of the Pagila database.
Minimal CVE Hardened container image collection.
A collection of production-ready container images with minimal CVEs, rebuilt daily using Chainguard's apko and Wolfi packages. By including only required packages, these images maintain a reduced attack surface and typically have zero or near-zero known vulnerabilities.
Related contents:
Backup Docker volumes locally or to any S3, WebDAV, Azure Blob Storage, Dropbox, Google Drive or SSH compatible storage.
The offen/docker-volume-backup Docker image can be used as a lightweight (below 15MB) companion container to an existing Docker setup. It handles recurring or one-off backups of Docker volumes to a local directory, any S3, WebDAV, Azure Blob Storage, Dropbox, Google Drive or SSH compatible storage (or any combination thereof) and rotates away old backups if configured. It also supports encrypting your backups using GPG and sending notifications for (failed) backup runs.
Fast container image distribution plugin with lazy pulling .
Pulling image is one of the time-consuming steps in the container lifecycle. Research shows that time to take for pull operation accounts for 76% of container startup time[FAST '16]. Stargz Snapshotter is an implementation of snapshotter which aims to solve this problem by lazy pulling. Lazy pulling here means a container can run without waiting for the pull completion of the image and necessary chunks of the image are fetched on-demand.
Related contents:
Kubernetes, Docker and Podman Container Management Platform.
Related contents:
Security, visibility, and authorization for AI agents
Leash wraps AI coding agents in containers and monitors their activity. You define policies in Cedar; Leash enforces them instantly.
Authorize and monitor your AI agents with policy enforcement, sandboxed execution, and real-time observability—ensuring they operate safely within your defined boundaries.
Modern Docker Management.
Dockhand is a modern, efficient Docker management application providing real-time container management, Compose stack orchestration, and multi-environment support. All in a lightweight, secure and privacy-focused package.
Related contents:
- Best Self-Hosted Apps of 2025 | The Top New Containers You Should Know @ ServersatHome's YouTube.
- Dockhand Deep Dive: The NEW Docker Management Tool Explained @ DB Tech's YouTube.
- Dockhand: The Easiest Way I’ve Found to Manage and Update Docker Containers @ Lawrence Systems' YouTube.
- Dockhand - The Ultimate Self-Hosted Docker Management Tool @ noted.
- Newsletter du 02 Mars 2026 @ RudeOps :fr:.
- Dockhand: A Smarter, Safer Docker Manager @ Christian Lempa's YouTube.
- I tried Arcane for Docker management, and here's why Dockhand remains my pick @ XDA.
- Portainer to Dockhand: One Container Replaced Several @ DB Tech's YouTube.
Open source and self hostable docker compose editor and configuration tool.
ComposeToolbox is a self-hostable web application that allows users to edit, validate, and get suggestions for your docker-compose.yml files. It has a fully featured code editor as well as a configuration panel that breaks down what exactly the compose file does.
VaultOS is a terminal-based user interface (TUI) for managing "Desktop" Docker containers.
VaultOS is a terminal-based user interface (TUI) for managing "Desktop" Docker containers. It allows you to effortlessly spin up ephemeral or persistent Linux desktop environments (like Alpine XFCE, Ubuntu KDE, etc.) accessible directly via your web browser.
Create DNS records from Docker labels.
Docker DNS Exporter connects to a Docker daemon and periodically checks for containers with labels matching the expected format. Any new records are sent to their configured name server to be served to clients. If a record hasn't been seen for a configurable amount of time, the record gets deleted from the name server it was defined on.
Puts Docker Containers to sleep and wakes them back up when they're needed.
Written in Node.js, this application acts as a HTTP reverse proxy and stops Docker containers which haven't been accessed recently and starts them again when a new request comes in. ContainerNursery also makes sure there are no more active WebSocket connections before stopping the container.
Related contents:
A PostgreSQL Docker container that automatically upgrades your database.
Its whole purpose in life is to automatically detect the version of PostgreSQL used in the existing PostgreSQL data directory, then automatically upgrade it (if needed) to the required version of PostgreSQL using pg_upgrade with the --link option.
🤖 A minimal and customizable Docker image running the Android emulator as a service.
Docker image & resource cleanup helper, on a schedule!
A sleek, lightweight web interface to automatically clean up Docker resources on a schedule.
Terminal-based Docker manager - monitor CPU/memory, view logs, and manage containers.
DockMate is a TUI (Text User Interface) for managing Docker containers directly from your terminal. Think of htop, but for Docker.
Scalable PaaS (automated Docker+nginx) - aka Heroku on Steroids. Scalable, Free and Self-hosted PaaS!.
CapRover is an extremely easy to use app/database deployment & web server manager for your NodeJS, Python, PHP, ASP.NET, Ruby, MySQL, MongoDB, Postgres, WordPress (and etc...) applications!
Open Source Cloud Security Scanner.
An open source, cloud-native security to protect everything from build to runtime.
cnspec assesses your entire infrastructure's security and compliance. It finds vulnerabilities and misconfigurations across public and private cloud environments, Kubernetes clusters, containers, container registries, servers, endpoints, SaaS products, infrastructure as code, APIs, and more.
A powerful policy as code engine, cnspec is built upon Mondoo's security data fabric. It comes configured with default security policies that run right out of the box. It's both fast and simple to use!
Docker Manager is an Android App that allows you to manage your docker installation on remote from your mobile phone!
Related contents:
Backup automation for self-hosters. Powerful backup automation for your remote storage Encrypt, compress, and protect your data with ease.
Zerobyte is a backup automation tool that helps you save your data across multiple storage backends. Built on top of Restic, it provides an modern web interface to schedule, manage, and monitor encrypted backups of your remote storage.
Related contents:
Docker Container Monitoring for Your Terminal.
A powerful TUI for monitoring Docker containers across multiple hosts with real-time CPU, memory, and network metrics. Built with Rust for blazing-fast performance and minimal resource usage.
A Lightweight, Ready-to-Use Web Browsing Environment in Docker with VNC Access.
VNC-Browser is a ready to use, minimal, customizable docker image designed to provide a lightweight and secure environment for browsing the web via VNC.
An archive-less dockerTools.buildImage implementation.
nix2container provides an efficient container development workflow with images built by Nix: it doesn't write tarballs to the Nix store and allows to skip already pushed layers (without having to rebuild them).
Related contents:
Self-hostable Docker Compose stack update manager.
PatchPanda is a self-hostable Docker Compose stack update manager built with .NET 10 and Blazor Server. It scans your existing Docker Compose stacks, monitors GitHub releases for new versions, groups related containers, and helps you review and apply updates while keeping you in control.
Doco-CD stands for Docker Compose Continuous Deployment and is a lightweight GitOps tool that automatically deploys and updates Docker Compose projects and Swarm stacks via webhooks or polling when a change is pushed to a Git repository.
You can think of it as a simple Portainer or ArgoCD alternative for Docker.
Modern Docker Management, Designed for Everyone.
Arcane is designed to be an easy and modern Docker management platform, built with everybody in mind. The goal of Arcane is to be built for and by the community to make sure nobody feels left out or behind with their specific features or processes.
Related contents:
A responsive monitoring platform for Proxmox VE, PBS, and Docker with real-time metrics across nodes and containers.
Real-time monitoring for Proxmox VE, Proxmox Mail Gateway, PBS, and Docker infrastructure with alerts and webhooks.
Monitor your hybrid Proxmox and Docker estate from a single dashboard. Get instant alerts when nodes go down, containers misbehave, backups fail, or storage fills up. Supports email, Discord, Slack, Telegram, and more.
Related contents:
Manage your docker containers and generate a report to share and compare with other self hosters.
Container Census is a lightweight, Go-powered tool that automatically scans your Docker environment across one or many hosts and gives you a clear, historical view of everything running in your stack.
Related contents:
🥑 Language focused docker images, minus the operating system.
"Distroless" images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.
Related contents:
docker mcp CLI plugin / MCP Gateway.
Related contents:
Docker Proxy Filter (DPF) is a smol, forward proxy for filtering the content and responses of Docker API responses to only those you want to expose.
Unlike the OG docker-socket-proxy and its variants, DPF provides filtering of the response content from the Docker API, rather than disabling/enabling of API endpoints. It does not connect directly to the Docker socket: it designed to be used with another Docker "Socket Proxy" container. Combined with a socket-proxy container that provides granular endpoint access it's possible to expose only information about specific containers in a read-only context.
Related contents:
A CLI tool for backing up Docker instances; Containers, Networks, Images, Volumes.
A lightweight TypeScript CLI for creating and exporting Docker container backups. Captures container configurations, related networks and volumes, and optionally physical volume data.
2048 game with DevOps practices.
A fully containerized and cloud-native implementation of the classic 2048 game with complete CI/CD pipeline, Kubernetes deployment, and Infrastructure as Code.
An application for automating docker containers updates with a web ui.
It's like well-known watchtower, but with a web UI where you can change most of the settings or view the current state of the containers.
Related contents:
Modern Docker container monitoring with auto-restart and alerts .
A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.
Related contents:
Ubuntu, Alpine, Arch, and Fedora based Webtop images, Linux in a web browser supporting popular desktop environments.
Related contents:
Docker Registry UI.
A simple, lightweight UI for exploring and managing Docker/OCI container registries.
Multi-Server Fleet Management for Cloudflare Tunnels. Automate Cloudflare Tunnels with Docker Labels.
DockFlare is a powerful, self-hosted ingress controller that simplifies Cloudflare Tunnel and Zero Trust management. It uses Docker labels for automated configuration while providing a robust web UI for manual service definitions and policy overrides.