Skip to content




Tool Description
  • Command line tool that facilitates continuous development for Kubernetes applications
  • Allows to iterate on your application source code locally then deploy to local or remote Kubernetes clusters
  • It handles the workflow for building, pushing and deploying your application
  • A Kubernetes-native pipeline resource
  • The Tekton Pipelines project provides Kubernetes-style resources for declaring CI/CD-style pipelines
  • Add digests to container and init container images in Kubernetes pod and pod template specs
  • Can be used either as a mutating admission webhook, or as a client-side KRM function with kpt or kustomize


Tool Description
quay Registry: Build, Store, and Distribute your Applications and Containers
distribution Basis of the container registry that is part of Docker Hub
reg Docker registry v2 command line client and repo listing generator with security checks
kraken P2P Docker registry capable of distributing TBs of data in seconds
  • Go library and CLIs for working with container registries
  • It also lets you build your own layers and images programmatically
crane crane is a tool for interacting with remote images and registries
  • Syncs container images from one registry to another
  • Useful in cases when you rely on images that exist in a public container registry, but need to pull from a private registry
serverless-registry-proxy Serverless reverse proxy for exposing container registries (GCR, Docker Hub, Artifact Registry etc) on custom domains


Tool Description
velero Backup and migrate Kubernetes applications and their persistent volumes
kube-janitor Cleans up (deletes) Kubernetes resources after a configured TTL
kube-resource-report Report Kubernetes cluster and pod resource requests vs usage and generate static HTML
k8s-image-swapper Mirror images into your own registry and swap image references automatically
outdated Kubectl plugin to find and report outdated images running in a Kubernetes cluster
eraser Remove a list of non-running images from all Kubernetes nodes in a cluster
Kubernetes Instance Calculator Visualize Kubernetes cost calculations in an interactive way
Public Container Images Detector A collection of tools to statically and dynamically identify public container images that are hosted on Docker Hub
kubectl-cost CLI for determining the cost of Kubernetes workloads
Dexter Can be placed into your CI processes to scrape through the repository and find files that contain image references, with the aim of pinning them to the immutable digest
watchtower A process for automating Docker container base image updates


Tool Description
kwatch Monitor and detect crashes in your Kubernetes cluster instantly
kubediff Show differences between running state and version controlled configuration


Build Docker Images

Tool Description
Move Over, Dockerfiles! The New Way to Craft Containers
  • ko (designed specifically for Go applications)
  • Bazel rules_oci
  • Nix dockerTools
  • apko: a build tool from Chainguard designed specifically for creating base images
img Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder
jib Build container images for your Java applications
makisu Docker image building tool, works in unprivileged containerized environments like Mesos and Kubernetes
copilot-cli Tool to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate
  • Build OCI images using APK directly without Dockerfile
  • You can also refer to the companion blog post
finch An open source client for container development, from AWS

Minify Images

Tool Description
Chainguard Images Chainguard Images is a collection of container images designed for minimalism and security
  • Language focused docker images, minus the operating system
  • "Distroless" images contain only your application and its runtime dependencies
  • They do not contain package managers, shells or any other programs
  • Minifies container images by analysing what is actually used at runtime, and throwing away the rest
  • Not a replacement for scratch builds entirely, but a useful stepping-stone towards them
Wolfi A lightweight GNU software distribution which is designed around minimalism, making it well-suited for containerized environments built with apko


Tool Description
hadolint A smarter Dockerfile linter that helps you build best practice Docker images
amazon-ecr-credential-helper Automatically gets credentials for Amazon ECR on docker push/docker pull


Tool Description
  • Linux-based open source operating system designed and optimized specifically for use as a container host
  • Bottlerocket Security Guidance: Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements
EC2 Image Builder Build a golden Windows OS image that follows the STIGs compliance guidelines