drydock.codeswhat.comDockhand vs Drydock
Dockhand and Drydock are both container update tools with web UIs and security scanning. Drydock adds automatic rollback, maintenance windows, lifecycle hooks, and broader registry and notification coverage — all free and open source.
Feature Comparison
A side-by-side look at what each tool offers.
| Feature | Dockhand | Drydock |
|---|---|---|
| Project status | Actively maintained | Actively maintained |
| Language | Go | TypeScript |
| Web UI | Yes | Yes |
| Image update detection | Yes | Yes |
| Auto-update containers | Yes | Yes (monitor-first) |
| Vulnerability scanning | Yes (🥊 Update Bouncer) | Yes (Trivy + SBOM + cosign) |
| Automatic rollback | No | Yes, on health check failure |
| Maintenance windows | No | Yes |
| Lifecycle hooks (pre/post) | No | Yes, with timeout & abort |
| Image backup | No | Pre-update backup with retention |
| Dry-run preview | No | Yes |
| Registry providers | Major registries | 23 dedicated integrations |
| Notifications | Email, Gotify, Ntfy, webhooks, Apprise | 20 native trigger integrations |
| MQTT / Home Assistant | No | Yes |
| Distributed agents | Yes (headless agents) | Yes (SSE-based agents) |
| OIDC / SSO | Yes | Yes (Authelia, Auth0, Authentik) |
| Prometheus metrics | Planned | Full /metrics endpoint + Grafana template |
| Audit log | Enterprise only | Yes, free (REST API) |
| Git-based stack deployment | Yes | Planned |
| Web terminal / shell | Yes | Planned |
| File browser | Yes | Planned |
| Secret management | Enterprise only | Planned (free) |
| License | Apache 2.0 / Proprietary (EE) | AGPL-3.0 |
Key Differentiators
Where Drydock goes beyond what Dockhand offers.
Update Safety Controls
Automatic rollback on health check failure, maintenance windows, lifecycle hooks, and dry-run preview. Dockhand can scan and update but lacks these safety primitives for production deployments.
23 Registry Providers
Dedicated integrations for Docker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more — broader registry support than Dockhand.
20 Notification Services
Slack, Discord, Telegram, Teams, Matrix, SMTP, MQTT, Kafka, Gotify, NTFY, and more. Dockhand's notification options are more limited out of the box.
Free Audit Log
Full audit trail with REST API and Prometheus counter — included free. Dockhand's audit logging is gated behind the Enterprise edition.
SSE-Based Agents
Both tools support distributed monitoring. Drydock uses SSE-based agents for real-time communication with a centralized dashboard.
Fully Open Source
Every Drydock feature is free and open source. Dockhand gates audit logs, secret management, and some features behind an Enterprise tier.
Considering Dockhand?
Both are solid choices. If you want update safety controls (rollback, maintenance windows, hooks) and the broadest registry and notification coverage — all free — Drydock is built for that. One Docker command to get started.
$ docker run -d \
--name drydock \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 3000:3000 \
codeswhat/drydockReady to try Drydock?
Open source, AGPL-3.0 licensed, and actively maintained.