Dockyard

A centralized repository for packaging Model Context Protocol (MCP) servers into secure, verified containers.

Dockyard automatically builds, scans, and publishes container images for MCP servers. Every container is security-scanned, signed with Sigstore, and includes full build provenance.

Quick Start

# Pull a container
docker pull ghcr.io/stacklok/dockyard/npx/context7:2.1.0

# Verify its signature
cosign verify \
  --certificate-identity-regexp "https://github.com/stacklok/dockyard/.github/workflows/build-containers.yml@refs/heads/.*" \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  ghcr.io/stacklok/dockyard/npx/context7:2.1.0

# Run it
docker run -it ghcr.io/stacklok/dockyard/npx/context7:2.1.0

Documentation

I want to...	Go here
Use Dockyard containers	Getting Started
Add my MCP server	Adding MCP Servers
Understand the security model	Security Overview
Verify attestations	Container Attestations
Check package provenance	Package Provenance

Supported Protocols

Protocol	Registry	Example
`npx://`	npm	`ghcr.io/stacklok/dockyard/npx/context7:2.1.0`
`uvx://`	PyPI	`ghcr.io/stacklok/dockyard/uvx/aws-documentation-mcp-server:1.1.16`
`go://`	Go modules	`ghcr.io/stacklok/dockyard/go/netbird:0.1.0`

Browse available servers: npx/ | uvx/ | go/

Add Your MCP Server

Create a spec.yaml in the appropriate directory and submit a PR:

metadata:
  name: your-server
  description: "What your server does"
  protocol: npx  # or uvx, go

spec:
  package: "your-package-name"
  version: "1.0.0"

Our CI/CD pipeline will automatically:

Scan for security vulnerabilities (blocking)
Verify package provenance (informational)
Build multi-arch containers
Sign and attest with Sigstore
Publish to ghcr.io/stacklok/dockyard

See Adding MCP Servers for the full guide.

Security

Every container includes:

MCP Security Scan - Scanned with mcp-scanner before build
Container Scan - Trivy vulnerability scanning
Signed Images - Sigstore/Cosign keyless signatures
Attestations - SBOM, build provenance, and security scan results

See Security Overview for details.

Contributing

We welcome contributions! See CONTRIBUTING.md for guidelines.

To add an MCP server, see Adding MCP Servers.

License

Apache 2.0 - see LICENSE for details.

Links

ToolHive - Container building technology
MCP Documentation - Model Context Protocol
Sigstore - Container signing

Name		Name	Last commit message	Last commit date
Latest commit History 486 Commits
.claude		.claude
.github/workflows		.github/workflows
cmd/dockhand		cmd/dockhand
docs		docs
go/netbird		go/netbird
internal/provenance		internal/provenance
npx		npx
scripts/mcp-scan		scripts/mcp-scan
test/renovate		test/renovate
uvx		uvx
.gitignore		.gitignore
.golangci.yml		.golangci.yml
CODE_OF_CONDUCT.md		CODE_OF_CONDUCT.md
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile.slack		Dockerfile.slack
LICENSE		LICENSE
README.md		README.md
SECURITY.MD		SECURITY.MD
Taskfile.yml		Taskfile.yml
go.mod		go.mod
go.sum		go.sum
renovate.json		renovate.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Dockyard

Quick Start

Documentation

Supported Protocols

Add Your MCP Server

Security

Contributing

License

Links

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 9

Uh oh!

Languages

License

stacklok/dockyard

Folders and files

Latest commit

History

Repository files navigation

Dockyard

Quick Start

Documentation

Supported Protocols

Add Your MCP Server

Security

Contributing

License

Links

About

Resources

License

Code of conduct

Contributing

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 9

Uh oh!

Languages

Packages