🚩 RedFlag

"From each according to their updates, to each according to their needs"

Self-hosted, open-source update management for your entire infrastructure. Monitor and manage Windows, Linux, and Docker updates from a single dashboard. Built by self-hosters, for self-hosters.

Get Started View on GitHub Documentation
⚠️ Alpha Status: RedFlag is currently in active development. Core functionality works, but this is research-grade software. Read our Security Guide before deploying.

Why RedFlag?

Commercial RMM tools cost hundreds of dollars per agent. Open-source alternatives are either detection-only or overcomplicated. RedFlag fills the gap: simple, self-hosted, and free.

🎯

Single Pane of Glass

View all pending updates across your entire infrastructure in one place. No more logging into 47 servers.

🏠

Self-Hosted

Your data, your infrastructure. No SaaS fees, no vendor lock-in, no external dependencies.

πŸ”“

Open Source

AGPLv3 licensed. Audit the code, contribute features, fork it if you want. True software freedom.

πŸ–₯️

Cross-Platform

Linux (apt, yum, dnf), Windows (Windows Update, Winget), Docker containers, and more coming.

⚑

Lightweight Agents

Single binary, minimal dependencies. Agents poll the server every 5 minutesβ€”firewall friendly.

πŸ€–

AI-Ready Architecture

Designed from the ground up for future AI integration: natural language queries, intelligent scheduling.

Current Status

Working (Alpha)

  • Server API with PostgreSQL
  • Agent registration & authentication
  • Linux APT package scanner
  • Docker container detection
  • Update discovery & tracking
  • Manual approval workflow
  • REST API for all operations

In Progress

  • Web dashboard (React + TailwindCSS)
  • Docker Registry API integration
  • Update installation execution
  • Windows agent development
  • CVE data enrichment
  • Security hardening

Roadmap

  • AI-powered scheduling
  • Natural language queries
  • Maintenance windows
  • Rollback capabilities
  • YUM/DNF scanner
  • Snap/Flatpak support
  • Multi-tenancy for MSPs

Known Limitations

  • Docker scanner: Currently a stubβ€”doesn't actually query registries yet
  • Update installation: Discovery only; installation not implemented
  • CVE data: APT scanner doesn't fetch security advisory data yet
  • No web dashboard: API-only at the moment
  • Security: Needs hardening before production use

How It Works

Pull-based architecture: agents check in with the server every 5 minutes, receive commands, execute them, and report results. Simple, secure, and firewall-friendly. 

β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚              Your Infrastructure                     β”‚
β”‚                                                      β”‚
β”‚  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”  β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”          β”‚
β”‚  β”‚  Linux   β”‚  β”‚  Linux   β”‚  β”‚  Linux   β”‚          β”‚
β”‚  β”‚  Agent   β”‚  β”‚  Agent   β”‚  β”‚  Agent   β”‚          β”‚
β”‚  β”‚          β”‚  β”‚          β”‚  β”‚          β”‚          β”‚
β”‚  β”‚  β€’ APT   β”‚  β”‚  β€’ YUM   β”‚  β”‚  β€’ APT   β”‚          β”‚
β”‚  β”‚  β€’ Dockerβ”‚  β”‚  β€’ Dockerβ”‚  β”‚  β€’ Dockerβ”‚          β”‚
β”‚  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜  β””β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”˜          β”‚
β”‚       β”‚             β”‚             β”‚                 β”‚
β”‚       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                 β”‚
β”‚                     β”‚ Poll every 5 min              β”‚
β”‚                     β–Ό                                β”‚
β”‚       β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”               β”‚
β”‚       β”‚   RedFlag Server (Go)       β”‚               β”‚
β”‚       β”‚   β€’ REST API                β”‚               β”‚
β”‚       β”‚   β€’ PostgreSQL Database     β”‚               β”‚
β”‚       β”‚   β€’ Command Queue           β”‚               β”‚
β”‚       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜               β”‚
β”‚                     β–²                                β”‚
β”‚                     β”‚ HTTPS                          β”‚
β”‚       β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”                   β”‚
β”‚       β”‚   Web Dashboard         β”‚   (Coming Soon)   β”‚
β”‚       β”‚   (React + TailwindCSS) β”‚                   β”‚
β”‚       β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜                   β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

Technology Stack

Server

Go 1.25 + Gin Framework
PostgreSQL 16
JWT Authentication

Agent

Go 1.25
Single Binary
Systemd Service

Web (Planned)

React 18 + TypeScript
TailwindCSS
TanStack Query

Deployment

Docker Compose
Kubernetes
Bare Metal

Documentation

πŸš€ Quick Start

Get RedFlag running in under 10 minutes with our step-by-step guide.

Getting Started β†’

πŸ” Security Guide

Essential security considerations before deploying to production.

Security Docs β†’

πŸ“– API Reference

Complete API documentation for integrating with RedFlag.

API Docs β†’

Community & Contributing

RedFlag is a community project. No company backing, no VC fundingβ€”just volunteers building tools we wish existed.

Ways to Contribute

πŸ’» Code

Windows agent, web dashboard, package managers, Docker Registry API integration.

πŸ“ Documentation

Setup guides, troubleshooting, API examples, translation.

πŸ§ͺ Testing

Test on different distros, report bugs, verify security.

⭐ Feedback

Feature requests, bug reports, usability suggestions.

Check out our GitHub organization to get started. No corporate CLA, no meetingsβ€”just code and pull requests.