cup
Cup is a lightweight, fast CLI and web tool for checking Docker container image updates across multiple registries (Docker Hub, ghcr.io, Quay, etc.). It's designed to be rate-limit-friendly and provide an alternative to heavier update checkers, with a 5.4 MB binary size and JSON output for integration.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | sergi0g/cup |
| Owner | sergi0g |
| Primary language | Rust |
| License | AGPL-3.0 — OSI-approved |
| Stars | 1.3k |
| Forks | 25 |
| Open issues | 44 |
| Latest release | v3.5.1 (2025-11-21) |
| Last updated | 2026-07-05 |
| Source | https://github.com/sergi0g/cup |
What cup is
Written in Rust with a React-based web UI and Tailwind CSS styling, Cup performs concurrent registry polling to detect container image updates efficiently. It exposes both CLI and REST API endpoints (including `/api/v3/json`) for programmatic access and supports multiple container registries via standard registry protocols.
Get the cup source
Clone the repository and explore it locally.
git clone https://github.com/sergi0g/cup.gitcd cup# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- AGPL-3.0 license: verify compliance with internal IP policy. Any distributed modifications trigger source-code disclosure requirements.
- Single-developer project with 44 open issues; prioritize code review and testing before production deployment. No commercial SLA.
- Cup does not auto-trigger updates; you must wire it to external automation (cron, CI/CD, or custom webhook handlers).
- Binary size (5.4 MB) and resource footprint are minimal; suitable for embedded systems (Raspberry Pi noted in README) and containers.
- Requires network access to target registries; test authentication and rate-limit behavior in your environment before scaling.
When to avoid it — and what to weigh
- Need Automatic Trigger / Remediation — Cup does not directly trigger deployments, restarts, or integrations. You must implement external orchestration (e.g., cron jobs, CI/CD, webhook handlers) to act on update data. For out-of-the-box automation, What's up Docker is better suited.
- Require Commercial Support — Cup is AGPL-3.0 licensed and maintained by a single developer. No SLA, commercial support, or guaranteed maintenance window is available. Use at your own risk in production.
- Enterprise / Proprietary Codebase Constraints — AGPL-3.0 requires source disclosure if Cup is modified and distributed. Any internal forks or customizations used in a network-accessible service must have source made available. Review IP/licensing policy before adoption.
- Complex Multi-Registry Authentication Scenarios — Documentation does not detail credential management across multiple private registries. Complex authentication flows (OIDC, service accounts, secrets rotation) are not described; requires hands-on testing.
License & commercial use
Cup is licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring source disclosure of modifications if the software is deployed in a network-accessible manner. Commercial use is possible but subject to open-source compliance obligations.
Commercial use is permitted under AGPL-3.0, but with obligations: any modifications or customizations deployed as a service must have source code made available under the same license. Organizations with proprietary codebases should conduct legal review. No commercial support, warranty, or SLA is provided by the maintainer.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Cup queries container registries, which may involve storing or transmitting credentials. No security audit or disclosure of credential handling, encryption in transit, or secrets management practices is provided in the README. AGPL-3.0 source code is publicly available for review. Users should audit credential passing mechanisms, ensure HTTPS for web UI, and validate registry authentication before deploying in sensitive environments. No information on vulnerability disclosure process.
Alternatives to consider
What's up Docker? (WUD)
Acknowledged as the inspiration for Cup. WUD offers automatic trigger/remediation, broader feature set, and active community support. Choose WUD if you need hands-off automation; Cup is simpler but manual.
Renovate / Dependabot
GitHub/GitLab-native tools for dependency and container image updates. Better for CI/CD-driven workflows and automated PR creation. Requires Git-based config management; less suitable for standalone ops monitoring.
Lightweight Docker-focused auto-updater. Simpler than WUD but less flexible. Does not provide update visibility/dashboards like Cup; geared toward direct auto-update, not reporting.
Build on cup with DEV.co software developers
Cup is ideal for teams needing rate-limit-aware, lightweight update detection. Review the full documentation, test credential handling and registry support in your environment, and confirm AGPL-3.0 licensing compliance before production use.
Talk to DEV.coRelated on DEV.co
Explore the category and the services that help you build with it.
cup FAQ
Can Cup automatically restart or redeploy containers?
Is Cup safe to use in production?
Can I modify and deploy Cup internally without sharing the source?
What registries does Cup support?
Work with a software development agency
Need help beyond evaluating cup? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.
Evaluate Cup for Your Update Monitoring Strategy
Cup is ideal for teams needing rate-limit-aware, lightweight update detection. Review the full documentation, test credential handling and registry support in your environment, and confirm AGPL-3.0 licensing compliance before production use.