App API
Application info, server configuration, and diagnostic endpoints.
Get App information
Returns application name and version.
curl http://drydock:3000/api/v1/app
{
"name":"drydock",
"version":"1.6.0-rc.1"
}Get server configuration
Returns the server configuration, webhook status, and legacy input compatibility summary.
curl http://drydock:3000/api/v1/server
{
"configuration": {
"port": 3000,
"feature": { "delete": false },
"webhook": { "enabled": true }
},
"compatibility": {
"legacyInputs": {}
}
}Get security runtime status
Returns backend, provider, scanner-asset, Cosign, and SBOM-generator status. Command mode checks local binaries; Docker/remote modes inspect digest-pinned worker assets.
curl http://drydock:3000/api/v1/server/security/runtime
{
"checkedAt": "2026-03-18T19:33:00.000Z",
"ready": true,
"backend": "docker",
"availabilityPolicy": "block",
"gate": { "mode": "on", "allowNoWorse": true },
"scanner": {
"enabled": true,
"command": "aquasec/trivy@sha256:…",
"commandAvailable": true,
"status": "ready",
"message": "trivy scanner is ready via docker",
"scanner": "trivy",
"server": ""
},
"signature": {
"enabled": false,
"command": "",
"commandAvailable": null,
"status": "disabled",
"message": "Signature verification is disabled"
},
"sbom": {
"enabled": true,
"formats": ["spdx-json", "cyclonedx-json"],
"generator": "trivy"
},
"providers": [{ "provider": "trivy", "role": "scanner", "status": "ready" }],
"assets": [{ "provider": "trivy", "state": "ready", "resolvedDigest": "sha256:…" }],
"requirements": []
}Response fields
| Field | Type | Description |
|---|---|---|
checkedAt | string | ISO 8601 timestamp of the check |
ready | boolean | true when every required scanner/SBOM provider is ready |
backend | string | command, docker, or Trivy-only remote |
availabilityPolicy | string | Fail-closed block or explicit advisory warn |
gate.mode | string | Effective global gate mode: on or off |
gate.allowNoWorse | boolean | Whether blocked candidates can pass a fail-closed severity-by-severity comparison with the current image scan |
scanner.enabled | boolean | Whether vulnerability scanning is configured |
scanner.command | string | Scanner command (e.g. trivy) |
scanner.commandAvailable | boolean | null | Whether the command was found in the runtime; null when disabled |
scanner.status | string | ready, missing, or disabled |
scanner.server | string | Trivy server URL (empty when using local mode) |
signature.enabled | boolean | Whether signature verification is configured |
signature.command | string | Cosign command |
signature.commandAvailable | boolean | null | Whether cosign was found in the runtime |
signature.status | string | ready, missing, or disabled |
sbom.enabled | boolean | Whether SBOM generation is enabled |
sbom.formats | string[] | Configured SBOM output formats |
sbom.generator | string | Effective trivy or syft generator |
providers | object[] | Normalized provider health and remediation details |
assets | object[] | Worker image state, configured/resolved digest, version, cache timestamps, and failures |
requirements | string[] | Human-readable list of missing dependencies (empty when everything is ready) |
Returns 200 on success, or 500 if the runtime check fails.
Pull or warm scanner assets
Docker/remote backends expose an audited lifecycle action:
curl -X POST http://drydock:3000/api/v1/server/security/assets/grype/pull
curl -X POST http://drydock:3000/api/v1/server/security/assets/grype/warmProviders are trivy, grype, and syft; operations are pull and warm. The response is the resulting asset status. Invalid combinations return 400, while runtime/pull/warm failures return 503 without exposing credentials.
Download diagnostic debug dump
Downloads a comprehensive, redacted diagnostic dump of the running drydock instance as a JSON file. Useful for troubleshooting and support requests.
The dump includes runtime metadata, component state (watchers, registries, triggers, agents, containers), Docker API diagnostics, MQTT Home Assistant sensor definitions, recent Docker events, store statistics, and DD_* environment variable names. Store statistics include document counts and UTF-8 serialized byte attribution for the whole LokiJS store and each collection, making unexpected persistence growth traceable without exposing raw store contents. Values whose keys contain sensitive tokens such as password, passwd, pass, token, secret, credential, hash, key, apikey, accesskey, or privatekey are automatically redacted. Environment-style keys containing AUTH, BEARER, LOGIN, or URL are also redacted, which covers webhook URLs with embedded secrets.
curl -O -J "http://drydock:3000/api/v1/debug/dump?minutes=30"The response is a JSON attachment with a timestamped filename (e.g. drydock-debug-dump-2026-03-18T19-33-00-000Z.json).
Query parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
minutes | integer | 30 | How many recent minutes of event history to include (min: 1) |
Dump sections
| Section | Contents |
|---|---|
metadata | Generated timestamp, drydock version, Node.js version, uptime |
state | All registered components: containers, watchers, triggers, registries, authentications, agents |
mqttHomeAssistant | Home Assistant MQTT sensor discovery topics and definitions |
dockerEvents | Active Docker event subscriptions and recent events within the time window |
aliasFiltering | Recent container alias filter decisions |
store | LokiJS collection document counts and serialized byte attribution, including per-collection serializedBytes |
dockerApi | Docker daemon version and info per watcher (connection errors captured gracefully) |
environment | All DD_* environment variable names with values redacted |
Returns 200 with the JSON attachment on success, 401 if not authenticated, or 500 if the dump cannot be generated.