42ByteLabs Team · Product Launch · 4 min read

Launching Konarr: Open Source Supply Chain Security for Your Containers

Today we're launching Konarr, a free and open-source web interface for monitoring your servers, clusters, and containers for supply chain security vulnerabilities. Built for homelabs and production environments alike.

Launching Konarr

Today we’re excited to announce the launch of Konarr — a simple, easy-to-use web interface and API for monitoring your servers, clusters, and containers for supply chain security vulnerabilities.

Konarr offers a free and open-source alternative to expensive proprietary solutions on the market today. It’s designed to be lightweight and fast, with minimal resource usage, making it perfect for homelabs and production environments alike.

The Problem We’re Solving

This project was born from a real need: monitoring homelabs and production infrastructure for insecure dependencies and components. When you run multiple containers and services — especially ones you didn’t develop yourself — supply chain security becomes a critical concern.

Remember Log4Shell?

In December 2021, Log4Shell (CVE-2021-44228) dropped, and like most of the world, we were scrambling to find if any services were vulnerable. Searching through containers and scanning them manually was a painful, error-prone process.

The existing solutions had two major problems:

  1. Expensive proprietary software - Most tools cost thousands of dollars
  2. Your data on their servers - Many solutions store vulnerability data remotely, which defeats the purpose of running a homelab in the first place

Konarr solves both of these problems.

Key Features

Create and Manage Servers, Clusters, and Containers

Define different Projects and types to capture data about Servers, Clusters, and Containers. Servers, Groups, and Clusters can have sub-projects, allowing you to add Container Projects under them for hierarchical organization.

List, Search, and Show Dependencies

The Konarr Server tracks all dependencies detected in your containers. Search and filter capabilities make it easy to find specific dependencies across your entire infrastructure — critical when a new CVE drops.

Features include:

  • Real-time dependency tracking
  • Advanced search and filtering
  • Dark mode support
  • Clean, intuitive interface

Automatically Upload Bill of Materials (SBOM)

The Konarr Agent automatically detects and uploads SBOMs of containers on your servers. It continuously monitors containers and posts data to the Konarr server.

  • Default scanner: Syft from Anchore (v0.1)
  • Supported formats: CycloneDX (more formats coming soon)
  • Flexibility: Use any SBOM tool you prefer
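To make the "new CVE drops" search concrete, here is an added example (not Konarr's code or API) that walks CycloneDX JSON SBOMs for several containers and reports which ones carry a log4j-core release older than a fix version. The container names, the sample SBOMs, and the helper names are constructed for illustration; the fix version and backport releases are inputs you would take from the advisory.

```python
import json
import re

LOG4J_CORE = "pkg:maven/org.apache.logging.log4j/log4j-core@"

def comp(purl, nested=()):
    """Build a constructed CycloneDX component from a package URL."""
    name, version = purl.rsplit("/", 1)[-1].split("@")
    return {"type": "library", "name": name, "version": version,
            "purl": purl, "components": list(nested)}

def bom(*components):
    """Serialize a minimal constructed CycloneDX JSON document."""
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4",
                       "components": list(components)})

# Constructed sample SBOMs keyed by hypothetical container name.
SAMPLE_SBOMS = {
    "search-api": bom(comp(LOG4J_CORE + "2.14.1"),
                      comp("pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1")),
    "billing": bom(comp("pkg:maven/com.example/billing-app@1.0.0",
                        nested=[comp(LOG4J_CORE + "2.11.0")])),
    "legacy-batch": bom(comp(LOG4J_CORE + "2.12.2")),
    "gateway": bom(comp(LOG4J_CORE + "2.17.1")),
}

def iter_components(components):
    """Yield every component, descending into nested `components` arrays."""
    for c in components or []:
        yield c
        yield from iter_components(c.get("components"))

def version_key(version):
    """Numeric prefix as a tuple: '2.0-beta9' -> (2, 0); unparseable -> ()."""
    m = re.match(r"\d+(?:\.\d+)*", version or "")
    return tuple(int(p) for p in m.group().split(".")) if m else ()

def find_affected(sboms, purl_prefix, fixed_in, patched=frozenset()):
    """Return sorted (container, version) pairs older than `fixed_in`."""
    hits = []
    for container, raw in sboms.items():
        doc = json.loads(raw)
        if doc.get("bomFormat") != "CycloneDX":
            continue  # only CycloneDX JSON is handled here
        for c in iter_components(doc.get("components")):
            version = c.get("version", "")
            if (c.get("purl", "").startswith(purl_prefix)
                    and version not in patched
                    and version_key(version) < version_key(fixed_in)):
                hits.append((container, version))
    return sorted(hits)

# Sample inputs for CVE-2021-44228: fixed in 2.15.0, backported to 2.12.2 and 2.3.1.
LOG4SHELL_HITS = find_affected(SAMPLE_SBOMS, LOG4J_CORE, "2.15.0",
                               patched={"2.12.2", "2.3.1"})
```

Matching on the package URL rather than the bare name keeps log4j-api out of the results, and the recursive walk catches the copy bundled inside the billing application, which a top-level-only scan would miss.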

Highly Configurable

Declarative configuration via konarr.yml allows you to define features exactly as you need them. This is essential for homelab projects and production deployments.

The Tech Stack

Konarr is built with modern, performant technologies:

Backend:

  • Rust - For the REST API and backend service
  • SQLite - Lightweight, fast database
  • REST API first - Everything can be automated

Frontend:

  • Vue.js - Modern, reactive UI framework
  • TypeScript - Type-safe frontend code
  • Detached architecture - Swap frontends if needed

The REST API-first approach means everything is automatable, making Konarr perfect for CI/CD pipelines and infrastructure as code.

Transparency

Open source means transparency. Starting today, the Konarr Project Board is public, giving you a clear roadmap of features and bugs being worked on.

Getting Started

Ready to try Konarr? Check out the Quick Start guide in the repository.

Installation:

curl https://raw.githubusercontent.com/42ByteLabs/konarr/refs/heads/main/install.sh | bash -s

This installs both the Konarr server and agent using containers.

When Should You Use Konarr?

Perfect for:

  • Homelabs wanting to track container dependencies
  • Security-conscious teams needing SBOM management
  • Organizations requiring self-hosted vulnerability tracking
  • DevOps teams automating supply chain security

Note: Konarr is in active development. If you prefer production-stable software only, consider waiting for v1.0.

How to Contribute

We welcome contributions of all kinds:

Name Origin

Konarr is named after Konar quo Maten (translated as “Konar the Hunter”) from Old School RuneScape — a fitting name for a tool that hunts down vulnerabilities.

What’s Next?

We’re committed to continuously improving Konarr until we reach v1.0. The roadmap includes:

  • Support for additional SBOM formats
  • More scanner integrations
  • Enhanced vulnerability database integration
  • Improved UI/UX features
  • Kubernetes integration improvements

Conclusion

Whether you’re running a homelab or production infrastructure, Konarr provides free, open-source supply chain security without compromising your data privacy.

We hope you find Konarr useful for managing and monitoring your container dependencies. Our goal is to make supply chain security accessible to everyone.

Your feedback and discussions are always welcome!


42ByteLabs Team
Building secure tools for developers, by developers.
