Images
dockmesh’s Images page shows every image on every host with size, age, in-use status, and vulnerability count (if scanning is enabled).
The list view
Columns:
| Column | Description |
|---|---|
| Repository:Tag | Full image reference with digest tooltip |
| Image ID | Short SHA |
| Size | On-disk size, uncompressed |
| Created | When the image was built |
| Host | Which host holds this copy |
| In use | ✓ if at least one container uses this image |
| CVEs | Count from Grype scan (if enabled) |
Multiple hosts often have the same image — each copy is a separate row unless you group by repository.
Pulling images
Actions → Pull image opens a dialog:
- Reference — e.g. `postgres:16-alpine` or `ghcr.io/org/app:latest`
- Host — single host or broadcast to a tag
- Credentials — optional, uses the saved registry if the reference matches
Pull progress streams live with per-layer bars. On failure, the full error is shown (DNS, auth, rate-limit, etc.).
Registry authentication
For private registries, save credentials once under Settings → Registries:
| Field | Example |
|---|---|
| Name | ghcr-private |
| URL | ghcr.io |
| Username | dockmesh-bot |
| Password / Token | ghp_... |
| Scope | All hosts, or tag filter |
Supported registries (tested):
- Docker Hub (anonymous or auth)
- GitHub Container Registry (`ghcr.io`)
- GitLab Container Registry (`registry.gitlab.com`)
- AWS ECR (with access key / secret)
- Google Artifact Registry (with service account JSON)
- Harbor (private)
- Gitea registry
- Any Docker v2-compatible registry
Credentials are encrypted at rest using the same key derivation as the CA.
Pruning
Over time, dangling images and old tags accumulate. dockmesh has three prune modes:
- Dangling only — images with `<none>` tags, safe to remove
- Unused — images not currently referenced by any container
- All but current — aggressive; keeps only images in use by running containers
Prunes run per host. A dry-run preview shows what would be deleted before you confirm.
Schedule recurring prunes under Settings → Maintenance → Image prune (weekly default).
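The difference between the three modes is easiest to see on an inventory that includes a stopped container. The following is an added example, not dockmesh's own code: it computes the dry-run delete set per mode over a constructed single-host inventory. The mode strings, class names and sample IDs are hypothetical, and keeping a dangling image that a container still references is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Image:
    image_id: str
    tags: tuple = ()        # empty tuple means the image shows as <none>

@dataclass(frozen=True)
class Container:
    name: str
    image_id: str
    running: bool

def prune_preview(images, containers, mode):
    """Dry run: return the image IDs a prune in `mode` would delete."""
    referenced = {c.image_id for c in containers}              # running or stopped
    in_use_running = {c.image_id for c in containers if c.running}
    if mode == "dangling":
        # Assumption: an untagged image that a container still references is kept.
        doomed = [i for i in images if not i.tags and i.image_id not in referenced]
    elif mode == "unused":
        doomed = [i for i in images if i.image_id not in referenced]
    elif mode == "all-but-current":
        # Images of stopped containers are deleted too; only running ones protect.
        doomed = [i for i in images if i.image_id not in in_use_running]
    else:
        raise ValueError(f"unknown prune mode: {mode!r}")
    return sorted(i.image_id for i in doomed)

# Constructed sample inventory for one host (not real data).
IMAGES = [
    Image("aaa111", ("postgres:16-alpine",)),
    Image("bbb222", ("ghcr.io/org/app:latest",)),
    Image("ccc333", ("ghcr.io/org/app:v1",)),
    Image("ddd444"),                       # dangling, unreferenced
    Image("eee555"),                       # dangling, but a container runs it
]
CONTAINERS = [
    Container("db", "aaa111", running=True),
    Container("app-old", "bbb222", running=False),
    Container("worker", "eee555", running=True),
]

if __name__ == "__main__":
    for mode in ("dangling", "unused", "all-but-current"):
        print(f"{mode:16} would delete: {prune_preview(IMAGES, CONTAINERS, mode)}")
```

In this inventory only the most aggressive mode removes `bbb222`, the image behind the stopped `app-old` container, which is the case to check in the preview before confirming.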
Inspect
Clicking an image shows:
- Full digest
- Layer-by-layer breakdown with size and creation command
- Environment and exposed ports from the manifest
- Architecture (`linux/amd64`, `linux/arm64`, …)
- Base image (if detectable)
- Vulnerability report (CVE list with severity, fixed version)
See also
- Vulnerability Scanning — Grype integration
- Containers — what uses an image
- Configuration — registry auth env vars for bootstrap