Diun — Docker Image Update Notifier

Introduction

Diun (Docker Image Update Notifier) watches container registries for image updates and pushes alerts through your preferred channels. It solves the problem of knowing when upstream images have new versions without manually checking each repository.

What Diun Does

• Monitors Docker, Podman, Swarm, and Kubernetes for running container images
• Checks registries on a configurable cron schedule for new digests or tags
• Sends notifications via Discord, Slack, Telegram, email, Gotify, ntfy, and more
• Supports regex-based tag filtering to watch only stable or semver releases
• Tracks image state in a local database to avoid duplicate alerts

Architecture Overview

Diun is a single Go binary that runs as a daemon or cron job. It discovers images through providers — Docker socket, Kubernetes API, Swarm, Nomad, Dockerfile, or a static YAML list. On each run it queries the registry manifest API, compares digests against its local BoltDB database, and fires notifications for any changes. The entire state lives in one data directory.

Self-Hosting & Configuration

• Run as a Docker container with the Docker socket mounted read-only
• Set the watch schedule using standard cron syntax via DIUN_WATCH_SCHEDULE
• Configure notification channels in a YAML config file or via environment variables
• Use label-based opt-in (diun.enable=true) to control which containers are monitored
• For Kubernetes, deploy as a CronJob with a ServiceAccount that can list pods

Key Features

• 15+ notification backends including webhooks for custom integrations
• Provider support for Docker, Podman, Swarm, Kubernetes, and Nomad
• Regex tag inclusion and exclusion filters for precise version tracking
• Automatic platform detection for multi-arch image manifests
• Lightweight single binary with no runtime dependencies

Comparison with Similar Tools

• Watchtower — automatically pulls and restarts containers, Diun only notifies
• Ouroboros — similar auto-update tool, less actively maintained
• Renovate — dependency update bot for code repos, not running containers
• Dependabot — GitHub-native, targets package manifests, not container images
• Skopeo — CLI for inspecting registries, no notification or scheduling built in

FAQ

Q: Does Diun automatically update my containers? A: No. Diun is notification-only by design. It tells you an update is available so you can review changelogs before applying. Pair it with Watchtower if you want auto-updates.

Q: Which container registries are supported? A: Any OCI-compliant registry including Docker Hub, GitHub Container Registry, Quay.io, GitLab, and private registries with basic or token auth.

Q: Can I monitor images I am not currently running? A: Yes. Use the file provider to list any image references in a YAML file, regardless of whether they are running locally.

Q: How do I filter out pre-release or nightly tags? A: Set include_tags or exclude_tags with regex patterns in the watch configuration to match only the tags you care about.

Sources

• https://github.com/crazy-max/diun
• https://crazymax.dev/diun/