drydock.codeswhat.comPortainer vs Drydock
Portainer is a full container management platform with a broad feature set. Drydock is a focused, lightweight update monitor with safety controls that Portainer lacks — automatic rollback, maintenance windows, lifecycle hooks, and free security scanning.
Feature Comparison
A side-by-side look at what each tool offers.
| Feature | Portainer | Drydock |
|---|---|---|
| Project status | Actively maintained | Actively maintained |
| Pricing | Free CE / Paid BE ($$$) | Free, AGPL-3.0 licensed |
| Web UI | Yes | Yes |
| Image update detection | Yes | Yes |
| Auto-update containers | Yes | Yes (monitor-first) |
| Automatic rollback | No | Yes, on health check failure |
| Maintenance windows | No | Yes |
| Lifecycle hooks (pre/post) | No | Yes, with timeout & abort |
| Image backup & dry-run | No | Pre-update backup + dry-run preview |
| Security scanning | Yes (BE only — paid) | Trivy + SBOM + cosign (free) |
| Registry providers | Major registries | 23 dedicated integrations |
| Notifications | Slack, Teams (BE only) | 20 native trigger integrations |
| MQTT / Home Assistant | No | Yes |
| Grafana dashboard | No | Yes, importable template |
| OIDC / SSO | Yes | Yes (Authelia, Auth0, Authentik) |
| RBAC | Yes (BE only) | Planned |
| Kubernetes support | Yes | Planned (v2.0.0) |
| Docker Swarm | Yes | Planned (v2.0.0) |
| Web terminal / shell | Yes | Planned |
| Compose templates | Yes | Planned |
| Audit log | Yes (BE only) | Yes (free) |
| Resource footprint | Heavy (~200MB+ RAM) | Lightweight (~80MB RAM) |
| License | Zlib (CE) / Proprietary (BE) | AGPL-3.0 |
Key Differentiators
Where Drydock goes beyond what Portainer offers.
Update Safety Controls
Automatic rollback on health check failure, maintenance windows, lifecycle hooks, and dry-run preview. Portainer can update containers but has none of these safety primitives.
Free Security Scanning
Trivy vulnerability scanning, SBOM generation, and cosign verification — all free and open source. Portainer's security features require the paid Business Edition.
No Paywall
Every Drydock feature is free and open source. Portainer gates security scanning, audit logs, RBAC, and most notification integrations behind the paid Business Edition.
20 Notification Services
Slack, Discord, Telegram, Teams, Matrix, SMTP, MQTT, Kafka, Gotify, NTFY, and more — all free. Portainer CE has very limited notification options.
23 Registry Integrations
Dedicated integrations for Docker Hub, GHCR, ECR, GCR, GAR, GitLab, Quay, Harbor, Artifactory, Nexus, and more with per-registry configuration.
Lightweight & Focused
Drydock uses ~80MB RAM and focuses on doing update monitoring well. Portainer is a full management platform that uses significantly more resources.
Using Portainer?
Drydock can run alongside Portainer. Use Portainer for general container management and Drydock for update monitoring with safety controls, security scanning, and broad notification support — all without a paid tier.
$ docker run -d \
--name drydock \
-v /var/run/docker.sock:/var/run/docker.sock \
-p 3000:3000 \
codeswhat/drydockReady to try Drydock?
Open source, AGPL-3.0 licensed, and actively maintained.