Cupdate is a zero-config service that helps you keep your container images up-to-date. It automatically identifies container images in use in your Kubernetes cluster or on your Docker host. Cupdate then identifies the latest available version and makes this data and more available to you via a UI, API or through an RSS feed.
Cupdate is for those who like the process of keeping their services up-to-date, looking through what's outdated and what features new updates bring. Cupdate will not help you deploy the updates. If you deploy your services using things like flux, then there are great services that will modify your manifests for you, such as Dependabot or Renovate. Cupdate is not about that, nor will it ever be. That's not to say that Cupdate won't integrate well with such services. Cupdate can still act as a dashboard of your deployed services, visualizing their graphs and versions. Cupdate's APIs can also be used to write such services/scripts with ease. There are example scripts for Kubernetes and Docker in the cookbook.
Features:
- Supports Kubernetes and Docker (one or more hosts, local or remote)
- Zero configuration required
- Performant and lightweight - uses virtually zero CPU and roughly 14MiB RAM
- Auto-detect container images in Kubernetes and Docker
- Auto-detect the latest available container image versions
- UI for discovering updates
- Subscribe to updates via an RSS feed
- Graphs image versions' dependants explaining why they're in use
- Vulnerability scanning via Docker Scout, Quay and the GitHub Advisory Database through vulndb
- APIs for custom integrations
Supported registries:
- docker.io
- ghcr.io
- quay.io
- lscr.io
- registry.k8s.io
- k8s.gcr.io, gke.gcr.io, gcr.io
- registry.gitlab.com
Supported data sources:
- Docker Hub, Docker Scout
- GitHub, GitHub Container Registry
- GitLab
- Quay
Cupdate can be deployed using Kubernetes or Docker. It's designed to run well with minimal required configuration. Please refer to the platform-specific documentation for more information on how to get started with Cupdate:
- Running Cupdate using Kubernetes: docs/kubernetes/README.md
- Running Cupdate using Docker: docs/docker/README.md
Cupdate can expose metrics and traces. For more information on how to use them, see docs/observability/README.md.
Although not recommended or intended, Cupdate can be run directly on host. In that case, please build Cupdate and run it using the instructions in CONTRIBUTING.md.
| Light mode | Dark mode |
|---|---|
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Vulndb is a tiny sqlite file that contains information useful to statically look up known vulnerabilities in container images based on their source repositories. For now it uses GitHub's advisory database.
For more information see tools/vulndb/README.md.
The database is updated daily and published as an OCI artifact used by Cupdate. The artifact is available here: https://github.com/AlexGustafsson/cupdate/pkgs/container/cupdate%2Fvulndb.
For more advanced scanning requirements, use something like Trivy or Grype.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}