Docker
Discover Docker registries, repositories, images, and manifests.
The Docker molecule automatically syncs Docker registry data into your SixDegree ontology, providing visibility into container images, tags, and manifests.
- SixDegree Platform installed
- Access to Docker registry (Docker Hub, private registry, or cloud registry)
- Registry credentials (for private registries)
discovery:
enabled: true
settings:
# Registry connection
registry_url: "https://registry-1.docker.io"
# Optional: Authentication (required for private registries)
username: "your_username"
password: "your_password_or_token"
# Repositories to scan
repositories:
- "myorg/api-service"
- "myorg/frontend"
- "myorg/worker"
# Optional: Include manifests (detailed image information)
include_manifests: true
# Optional: Include tags
include_tags: true
# Optional: Filter tags by pattern
tag_pattern: "^v\\d+\\.\\d+\\.\\d+$" # Regex: only semantic versions
mcp:
enabled: true
settings:
registry_url: "https://registry-1.docker.io"
username: "your_username"
password: "your_password_or_token"
namespace: "production"
The Docker molecule discovers:
entities.sixdegree.ai/v1/DockerRegistry- Docker registry instanceentities.sixdegree.ai/v1/DockerRepository- Container image repositoryentities.sixdegree.ai/v1/DockerImage- Docker image with specific tagentities.sixdegree.ai/v1/DockerManifest- Image manifest with layers and config
Each DockerImage entity includes:
- Tag: Image tag (e.g.,
latest,v1.2.3) - Digest: Content-addressable SHA256 digest
- Size: Total image size in bytes
- Created: Image creation timestamp
- Architecture: Platform architecture (amd64, arm64, etc.)
When include_manifests: true, each image includes:
-
Layers: List of layer digests and sizes
-
Config: Image configuration (ENV vars, CMD, etc.)
-
Platform: OS and architecture
-
BELONGS_TO- Image belongs to Repository, Repository belongs to Registry -
USES- Image uses base image (detected from manifest) -
BUILT_FROM- Image built from another image
AI agents can use these Docker registry tools:
List all repositories in a registry.
Example:
User: "What container images do we have?"
AI: [Calls docker_list_repositories]
"Found 8 repositories:
• myorg/api-service
• myorg/frontend
• myorg/worker
• myorg/database-migrations"
List all tags for a repository.
Parameters:
repository(string, required) - Repository name
Example:
User: "What versions of api-service are available?"
AI: [Calls docker_list_tags]
"api-service tags:
• v1.2.3 (latest)
• v1.2.2
• v1.2.1
• v1.1.0"
Get detailed manifest information for an image.
Parameters:
repository(string, required) - Repository nametag(string, required) - Image tag or digest
Example:
User: "Show me details about api-service:v1.2.3"
AI: [Calls docker_get_manifest]
"api-service:v1.2.3 details:
• Size: 245 MB
• Architecture: amd64
• Base image: golang:1.21-alpine
• Layers: 8
• Created: 2025-01-15"
Get image layer history.
Parameters:
repository(string, required) - Repository nametag(string, required) - Image tag
Example:
User: "What's in the api-service image?"
AI: [Calls docker_get_image_history]
"api-service:v1.2.3 layers:
1. FROM golang:1.21-alpine (45 MB)
2. RUN apk add ca-certificates (2 MB)
3. COPY --from=builder /app/binary (198 MB)"
discovery:
settings:
registry_url: "https://registry-1.docker.io"
username: "myusername"
password: "dckr_pat_xxx" # Docker Hub access token
repositories:
- "library/nginx"
- "myorg/myapp"
discovery:
settings:
registry_url: "https://registry.company.com"
username: "registry-user"
password: "registry-password"
repositories:
- "internal/api"
- "internal/frontend"
discovery:
settings:
registry_url: "https://123456789.dkr.ecr.us-east-1.amazonaws.com"
username: "AWS"
password: "<ecr-token>" # Get with: aws ecr get-login-password
repositories:
- "production/api-service"
discovery:
settings:
registry_url: "https://us-docker.pkg.dev"
username: "_json_key"
password: "<service-account-json>"
repositories:
- "project-id/repository/image"
discovery:
settings:
registry_url: "https://myregistry.azurecr.io"
username: "myregistry"
password: "<access-token>"
repositories:
- "api-service"
degree discovery run docker@1.0.0 --config docker-config.yaml
degree discovery run docker@1.0.0 --config docker-config.yaml --dry-run
DOCKER_LOG_LEVEL=debug degree discovery run docker@1.0.0 --config docker-config.yaml
Once configured, AI agents can query Docker registries:
You: "What's the latest version of our api-service?"
AI: [Uses docker_list_tags]
"The latest version is v1.2.3, tagged 2 hours ago"
You: "How big is that image?"
AI: [Uses docker_get_manifest]
"api-service:v1.2.3 is 245 MB compressed"
cd docker
go build -o ../bin/docker
cd ..
make dev
Use tag_pattern to filter tags by regex:
tag_pattern: "^v\\d+\\.\\d+\\.\\d+$"
tag_pattern: "^prod-.*"
tag_pattern: "^(?!.*snapshot).*$"
- Store credentials as secrets in your configuration
- Use registry access tokens instead of passwords
- Limit token permissions to read-only for discovery
- For cloud registries, use service accounts with minimal permissions
- Regularly rotate credentials
Authentication failed:
- Verify credentials are correct
- For Docker Hub, use access tokens (not password)
- For cloud registries, ensure token hasn't expired
Repository not found:
- Check repository name format (namespace/image)
- Verify credentials have access to repository
- For private registries, include registry hostname in repository name
Rate limiting:
- Docker Hub rate limits unauthenticated requests
- Authenticate to increase rate limits
- Consider caching or reducing discovery frequency
Missing tags:
-
Check
tag_patternregex is correct -
Verify
include_tags: trueis set -
Enable debug logging to see filtered tags
MIT - See LICENSE file in molecules directory