drydock.codeswhat.comDiun vs Drydock
Diun (Docker Image Update Notifier) is a lightweight notification tool. Drydock builds on the same monitoring concept but adds a full web UI, auto-updates, security scanning, and comprehensive container management capabilities.
Feature Comparison
A side-by-side look at what each tool offers.
| Feature | Diun | Drydock |
|---|---|---|
| Project status | Actively maintained | Actively maintained |
| Language | Go | TypeScript |
| Web UI | None (CLI / daemon) | Full dashboard |
| Auto-update containers | No (notify only) | Yes (optional) |
| Docker Compose updates | No | Yes, pull & recreate |
| Registry support | Docker Hub + private via Docker config | 23 dedicated registry integrations |
| Notifications | 17 services | 20 native trigger integrations |
| Security scanning | None | Trivy + SBOM + cosign verification |
| OIDC authentication | None | Authelia, Auth0, Authentik |
| REST API | Limited | Full REST API |
| Prometheus metrics | No | Full /metrics endpoint + Grafana template |
| MQTT / Home Assistant | Yes | Yes |
| Image backup & rollback | No | Pre-update backup with retention + auto rollback |
| Container grouping | No | Smart stack detection with batch actions |
| Lifecycle hooks | No | Pre/post-update shell commands |
| Webhook API | No | Token-authenticated webhooks for CI/CD |
| Container actions | No | Start/stop/restart from UI/API |
| Distributed agents | Yes (Docker, Swarm, K8s) | SSE-based agent architecture |
| Kubernetes support | Yes | Planned (v2.0.0) |
| Semver-aware updates | Yes | Yes |
| Audit log | No | Yes, with REST API |
| License | MIT | AGPL-3.0 |
Key Differentiators
Where Drydock goes beyond what Diun offers.
Full Web Dashboard
Diun is a CLI daemon with no built-in UI. Drydock provides a full web dashboard for browsing containers, viewing update status, triggering actions, and inspecting logs — all from the browser.
Auto-Update Containers
Diun is notification-only — it tells you about updates but can't apply them. Drydock can monitor and notify, but also optionally pull images and recreate containers via Docker Compose.
Security Scanning
Drydock integrates Trivy vulnerability scanning, SBOM generation (CycloneDX & SPDX), and cosign signature verification. Diun has no security scanning capabilities.
23 Registry Integrations
Drydock has dedicated integrations for Docker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more. Diun relies on Docker credential configuration.
Rollback & Backup
Pre-update image backups with configurable retention and automatic rollback on health check failure. Diun can't update containers, so rollback isn't applicable.
Audit Trail & Observability
Full audit log with REST API, Prometheus /metrics endpoint with Grafana dashboard template. Diun has no built-in metrics or audit trail.
Coming from Diun?
If you're using Diun for notifications, Drydock can do the same — plus give you a full dashboard, auto-updates, security scanning, and container management. One Docker command to get started.
$ docker run -d \
--name drydock \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 3000:3000 \
codeswhat/drydockReady to try Drydock?
Open source, AGPL-3.0 licensed, and actively maintained.