DEV.co
Open-Source DevOps · sergi0g

cup

Cup is a lightweight, fast CLI and web tool for checking Docker container image updates across multiple registries (Docker Hub, ghcr.io, Quay, etc.). It's designed to be rate-limit-friendly and provide an alternative to heavier update checkers, with a 5.4 MB binary size and JSON output for integration.

Source: GitHub — github.com/sergi0g/cup
1.3k
GitHub stars
25
Forks
Rust
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorysergi0g/cup
Ownersergi0g
Primary languageRust
LicenseAGPL-3.0 — OSI-approved
Stars1.3k
Forks25
Open issues44
Latest releasev3.5.1 (2025-11-21)
Last updated2026-07-05
Sourcehttps://github.com/sergi0g/cup

What cup is

Written in Rust with a React-based web UI and Tailwind CSS styling, Cup performs concurrent registry polling to detect container image updates efficiently. It exposes both CLI and REST API endpoints (including `/api/v3/json`) for programmatic access and supports multiple container registries via standard registry protocols.

Quickstart

Get the cup source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/sergi0g/cup.gitcd cup# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Self-hosted Docker/Container Fleet Updates

Teams running 10–100+ containers on Kubernetes, Docker Compose, or individual hosts need periodic update checks without rate-limiting penalties. Cup's minimal footprint and rate-limit awareness make it ideal for continuous monitoring via cron or scheduled API calls.

Rate-Limit-Conscious Environments

Organizations with many services pulling from Docker Hub or other registries benefit from Cup's design to avoid exhausting unauthenticated pull limits. Useful in CI/CD pipelines or monitoring infrastructure where traditional image pulls would accumulate quota.

Lightweight Update Dashboard / Webhook Integration

Teams wanting a simple, self-hosted alternative to What's up Docker can run Cup's web UI for visibility and consume JSON output to trigger custom webhooks or integrations via external automation (cron + API or similar).

Implementation considerations

  • AGPL-3.0 license: verify compliance with internal IP policy. Any distributed modifications trigger source-code disclosure requirements.
  • Single-developer project with 44 open issues; prioritize code review and testing before production deployment. No commercial SLA.
  • Cup does not auto-trigger updates; you must wire it to external automation (cron, CI/CD, or custom webhook handlers).
  • Binary size (5.4 MB) and resource footprint are minimal; suitable for embedded systems (Raspberry Pi noted in README) and containers.
  • Requires network access to target registries; test authentication and rate-limit behavior in your environment before scaling.

When to avoid it — and what to weigh

  • Need Automatic Trigger / Remediation — Cup does not directly trigger deployments, restarts, or integrations. You must implement external orchestration (e.g., cron jobs, CI/CD, webhook handlers) to act on update data. For out-of-the-box automation, What's up Docker is better suited.
  • Require Commercial Support — Cup is AGPL-3.0 licensed and maintained by a single developer. No SLA, commercial support, or guaranteed maintenance window is available. Use at your own risk in production.
  • Enterprise / Proprietary Codebase Constraints — AGPL-3.0 requires source disclosure if Cup is modified and distributed. Any internal forks or customizations used in a network-accessible service must have source made available. Review IP/licensing policy before adoption.
  • Complex Multi-Registry Authentication Scenarios — Documentation does not detail credential management across multiple private registries. Complex authentication flows (OIDC, service accounts, secrets rotation) are not described; requires hands-on testing.

License & commercial use

Cup is licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring source disclosure of modifications if the software is deployed in a network-accessible manner. Commercial use is possible but subject to open-source compliance obligations.

Commercial use is permitted under AGPL-3.0, but with obligations: any modifications or customizations deployed as a service must have source code made available under the same license. Organizations with proprietary codebases should conduct legal review. No commercial support, warranty, or SLA is provided by the maintainer.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Cup queries container registries, which may involve storing or transmitting credentials. No security audit or disclosure of credential handling, encryption in transit, or secrets management practices is provided in the README. AGPL-3.0 source code is publicly available for review. Users should audit credential passing mechanisms, ensure HTTPS for web UI, and validate registry authentication before deploying in sensitive environments. No information on vulnerability disclosure process.

Alternatives to consider

What's up Docker? (WUD)

Acknowledged as the inspiration for Cup. WUD offers automatic trigger/remediation, broader feature set, and active community support. Choose WUD if you need hands-off automation; Cup is simpler but manual.

Renovate / Dependabot

GitHub/GitLab-native tools for dependency and container image updates. Better for CI/CD-driven workflows and automated PR creation. Requires Git-based config management; less suitable for standalone ops monitoring.

Lightweight Docker-focused auto-updater. Simpler than WUD but less flexible. Does not provide update visibility/dashboards like Cup; geared toward direct auto-update, not reporting.

Software development agency

Build on cup with DEV.co software developers

Cup is ideal for teams needing rate-limit-aware, lightweight update detection. Review the full documentation, test credential handling and registry support in your environment, and confirm AGPL-3.0 licensing compliance before production use.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

cup FAQ

Can Cup automatically restart or redeploy containers?
No. Cup only detects and reports updates. You must use external tools (cron scripts, CI/CD, webhooks) to act on the JSON output or API responses.
Is Cup safe to use in production?
Cup is actively maintained by one developer. No SLA or commercial support exists. Conduct code review, test in staging, and monitor upstream for issues before production deployment.
Can I modify and deploy Cup internally without sharing the source?
No. AGPL-3.0 requires that any distributed or network-accessible modifications be source-disclosed. Verify internal compliance before customizing; consult legal if needed.
What registries does Cup support?
Docker Hub, ghcr.io, Quay, lscr.io, and Gitea (or derivatives). Private registries with auth may be supported; consult the documentation site for credential/registry-specific details.

Work with a software development agency

Need help beyond evaluating cup? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source devops integrations — and maintain them long-term.

Evaluate Cup for Your Update Monitoring Strategy

Cup is ideal for teams needing rate-limit-aware, lightweight update detection. Review the full documentation, test credential handling and registry support in your environment, and confirm AGPL-3.0 licensing compliance before production use.