Explore open-source utilities for building, managing, scanning, and orchestrating containerized applications and images.
Web-check is a self-hosted diagnostic platform designed to perform comprehensive technical reconnaissance and security audits on web domains. It functions as a network scanner that inspects infrastructure by querying IP addresses, DNS records, SSL certificate chains, and server headers to identify potential misconfigurations or vulnerabilities. The platform is built to run within private infrastructure, ensuring that site investigations remain independent of external tracking or third-party data logging. By utilizing server-side request proxying, the tool bypasses client-side security restrictions to conduct direct network-level inspections. It further enhances its diagnostic capabilities by orchestrating concurrent requests to various third-party services, aggregating metadata into structured intelligence through a modular pipeline. The application is packaged as a containerized service, allowing for consistent deployment across cloud environments or local servers. Users can configure the platform’s behavior and service rate limits through environment variables, enabling the activation of specific analysis checks based on individual requirements. The software supports multiple installation methods, including one-click cloud deployments, container-based execution, and manual builds from source code.
Earthly is a containerized build system and Docker build framework designed for creating reproducible build pipelines. It ensures environment consistency by executing every build step inside an isolated container, combining the isolation of container images with dependency tracking and parallel execution. The system differentiates itself through a focus on hermeticity and multiplatform support, allowing for the generation of container images targeting multiple CPU architectures within a single execution flow. It maintains a hermetic build environment by isolating network access and utilizing a secret-mounting mechanism that injects sensitive data without persisting it in image layers. The project covers a broad range of automation capabilities, including directed acyclic graph orchestration for parallel target execution and content-addressable distributed caching to avoid redundant computations. It further supports monorepo coordination, remote build execution on cloud infrastructure, and the orchestration of containerized integration tests. Earthly provides the ability to inherit specifications from existing Dockerfiles to incorporate them into its own build pipelines.
AdGuardHome is a network-wide software solution that provides centralized control over domain name resolution, content filtering, and local network management. It functions as a recursive DNS server and DHCP address server, intercepting network traffic to enforce security policies and block unwanted content across all connected devices. By acting as a central gateway, it ensures that every device on a home or office network benefits from consistent protection and private, authenticated name resolution. The software distinguishes itself through granular client management and robust security features. It automatically identifies connected hardware to provide detailed traffic statistics and allows for the application of custom filtering rules to specific devices or groups. To ensure privacy, it supports encrypted DNS protocols, including DNS-over-HTTPS and DNS-over-TLS, and automates the acquisition and renewal of SSL certificates. Administrators manage these settings through a centralized web-based dashboard, which also provides tools for monitoring performance and configuring upstream routing. The platform is designed for flexible deployment across diverse environments, including virtual servers, single-board computers, and isolated containers. It maintains system state through human-readable configuration files and supports non-privileged execution to enhance security. The project emphasizes integrity and reliability, offering reproducible build verification and standardized packaging for various operating systems and hardware architectures.
Libpod is a container management library for running and controlling the lifecycle of Open Container Initiative (OCI) compliant containers and images across different storage backends. It provides a programmatic interface for the remote control and automation of container environments. The project enables the coordination of multiple containers into pods that share network namespaces and other resources. It supports rootless container execution by using user namespaces to launch containers without administrative privileges. The library covers a broad range of system operations, including image handling for pulling and pushing across registries, network configuration, and resource isolation through control groups to prevent system exhaustion. It also manages the full container lifecycle, from creation and execution to checkpointing and restoration, via OCI-compliant runtimes. For desktop operating systems, the project supports container execution through a virtual machine backend.
uv is a high-performance Python package manager and project build tool designed to handle dependency resolution, virtual environment orchestration, and Python interpreter management. It functions as a comprehensive workspace orchestrator, enabling developers to manage complex, multi-package repositories and ensure reproducible builds across different platforms. The tool distinguishes itself through its use of a global, content-addressable cache and hard-link-based environment provisioning, which allow for near-instant environment creation and minimal disk usage. It employs a high-performance solver to satisfy complex dependency graphs and supports ephemeral script execution, allowing users to run standalone Python scripts with ad-hoc dependencies without manual setup. Beyond core package management, the project provides a unified command-line interface that integrates with CI/CD pipelines and supports common workflows like building distributions and managing private package indexes. It maintains compatibility with standard tools, offering a drop-in replacement for common environment and package management commands. Comprehensive documentation is available on the project website, covering installation guides, command references, and configuration settings for various development and production environments.
Moto is a cloud service mocking framework and API mock server that simulates AWS infrastructure locally. It allows developers to test cloud-dependent code and verify infrastructure-as-code templates without deploying real resources or incurring costs. The project functions as an SDK interceptor that can patch existing service clients to redirect requests to a local mock environment. It can also be run as a standalone HTTP server, enabling any programming language to interact with the simulated endpoints. The framework covers a vast array of simulated capabilities, including data storage, compute and hosting, identity and access management, AI and machine learning, and networking. It further supports the simulation of complex environments through account-based resource isolation and simulated access control to mimic multi-tenant cloud logic.
Firecracker is a virtual machine monitor that leverages hardware-assisted virtualization to create and manage isolated execution environments. It functions as a lightweight runtime designed to launch virtual machines with minimal memory overhead and near-instantaneous startup times, providing the security of traditional hardware virtualization with the efficiency of containerized workloads. The project distinguishes itself through a security-focused architecture that enforces strict process boundaries using system-level barriers and restricted user privileges. It minimizes the attack surface by implementing a minimalist device model, which includes only the essential virtualized hardware required for booting. Management of the virtual machine lifecycle and hardware configuration is handled through a synchronous network-based control plane, allowing for precise runtime adjustments to CPU, memory, and device attachments. The system supports high-performance communication between the guest operating system and host resources through standardized device emulation. It is designed for multi-tenant infrastructure, enabling the secure execution of concurrent workloads on shared physical hardware. The software is distributed as a single statically linked binary to simplify deployment across diverse host environments.
1Panel is a centralized server management and container orchestration platform designed to simplify the administration of Linux-based infrastructure. It provides a unified web interface for managing containerized workloads, automating system maintenance, and configuring server resources. By acting as a comprehensive control plane, the platform streamlines the deployment of applications, databases, and web services while offering granular control over host system internals and security settings. What distinguishes this platform is its integrated support for private artificial intelligence infrastructure. It functions as an AI infrastructure manager, allowing users to host, configure, and deploy local machine learning models and multi-agent workflows directly on their private servers. This capability is complemented by a programmable reverse proxy that handles web traffic routing, load balancing, and SSL termination, providing a high-performance layer for managing incoming requests and security filtering. The platform covers a broad range of administrative tasks, including automated data backups, system updates, and the deployment of curated open-source software through a centralized marketplace. It supports declarative service configuration and event-driven scheduling to maintain operational reliability across diverse hosting environments. Users can manage these operations through a command-driven environment that integrates natural language processing for system maintenance and incident response. The software can be installed on a Linux server using a single command script to initialize the management dashboard and begin infrastructure operations immediately.