dockcheck
dockcheck is a bash CLI tool that automates Docker image updates for containers, with optional notifications and image backups. It supports interactive or fully automated mode, allowing selective updates with filtering by labels, age, or container names.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | mag37/dockcheck |
| Owner | mag37 |
| Primary language | Shell |
| License | GPL-3.0 — OSI-approved |
| Stars | 2.4k |
| Forks | 87 |
| Open issues | 13 |
| Latest release | v0.7.8 (2026-04-30) |
| Last updated | 2026-07-06 |
| Source | https://github.com/mag37/dockcheck |
What dockcheck is
A shell script (bash 4.3+) that queries Docker registries via regctl to detect image updates, manages container recreation via docker-compose, and optionally prunes dangling images. It supports async subprocess management, custom notification templates, and Prometheus metrics export.
Get the dockcheck source
Clone the repository and explore it locally.
git clone https://github.com/mag37/dockcheck.gitcd dockcheck# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires bash 4.3+, jq, and regctl (external binary); users must download or package regctl separately.
- Docker and docker-compose (standalone or plugin) must be installed and running; no API auth abstraction layer provided.
- Script modifies container state (pull, stop, start, prune); ensure proper access control and test in non-production first.
- Notification templates require external service credentials (Slack, Telegram, Discord, etc.); no end-to-end encryption or secret rotation built-in.
- Cron scheduling or external orchestration needed for true automation; no built-in daemon mode.
When to avoid it — and what to weigh
- High-Availability or Production Kubernetes — Not designed for Kubernetes clusters or zero-downtime rolling deployments; no native support for pod disruption budgets or gradual rollouts.
- Strict Image Immutability or Audit Compliance — No built-in image signing verification, SBoM attestation, or fine-grained audit trails; relies on registry pull integrity alone.
- Non-Linux or Non-amd64/arm64 Architectures — Bash-dependent and requires regctl (amd64/arm64 only); no native Podman support (community fork available but not officially maintained).
- Organizations Requiring Commercial Support — OSS-only with community maintenance; no SLA, paid support, or enterprise backing.
License & commercial use
Licensed under GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring that any derivative works or distributions also be licensed under GPL-3.0 and source code be made available.
Commercial use is permitted under GPL-3.0, but with strong restrictions: any modifications or bundled distributions must be released under GPL-3.0 with source code available. Internal use (e.g., running in your own infrastructure) does not trigger GPL obligations. Requires legal review if repackaging, reselling, or embedding as part of a commercial product.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Project does not claim security hardening. Key considerations: (1) runs with privileges sufficient to pull images and restart containers; (2) stores credentials in plaintext config files (notification tokens, registry auth); (3) no input sanitization documented for container names or paths; (4) external dependency regctl is pulled from GitHub (supply chain risk); (5) notification templates may forward sensitive data to third-party services; (6) no checksum verification or signed releases mentioned; (7) shell script interpretation and eval-like constructs present inherent injection risks if inputs are untrusted. Suitable only for trusted administrators in controlled environments.
Alternatives to consider
Watchtower
Docker container that automatically updates running containers; simpler deployment, no config file needed, but less granular control and less notification integrations.
Renovate or Dependabot
CI/CD-native tooling for image updates via pull requests; better for GitOps workflows and immutable infrastructure, but overkill for small homelabs.
Podman's built-in auto-updates
Native Podman feature for quadlet/systemd-based workflows; no external dependencies, but Podman adoption not yet universal and lacks notification parity.
Build on dockcheck with DEV.co software developers
Download dockcheck for free from GitHub and set up automated container updates in under 5 minutes. Perfect for homelabs and self-hosted environments.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
dockcheck FAQ
Can I use dockcheck with Kubernetes?
Does dockcheck support private registries?
What if I'm on ARM or non-amd64 architecture?
Can I schedule dockcheck automatically?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like dockcheck into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source devops stack.
Ready to automate your Docker updates?
Download dockcheck for free from GitHub and set up automated container updates in under 5 minutes. Perfect for homelabs and self-hosted environments.