Overview
Pull Docker images from public or private registries. Supports automatic vulnerability scanning after pull completion and real-time progress streaming via Server-Sent Events.Endpoint
Query Parameters
Environment ID where the image will be pulled. Optional for local environments.
Request Body
Image name with optional tag or digest:
nginx:latestubuntu:22.04registry.example.com/app:v1.0nginx@sha256:abc123...
Run vulnerability scan after successful pull. Set to
false to skip scan-on-pull when caller will handle scanning separately.Authentication
Requiresimages:pull permission for the specified environment.
Registry Authentication
Authentication headers are automatically built using configured registry credentials. Private registries must be configured in Dockhand settings.Response Format
Returns a job ID for progress tracking via SSE:Progress Events
Download Progress
Extraction Progress
Scan Progress (if enabled)
Scan Results
Complete
Error
Error Responses
Permission denied
Edge agent not connected
Edge Mode Support
For Hawser Edge environments, pull operations are proxied through the edge agent:Tag Parsing
The endpoint intelligently parses image names with tags and digests:Scan-on-Pull
Automatic vulnerability scanning after pull (if scanner is configured):Usage Examples
Pull Public Image
Pull Private Registry Image
Pull with Digest
Stream Progress (JavaScript)
Audit Logging
Pull operations are automatically logged:Related Operations
- List Images - View pulled images
- Scan Image - Run vulnerability scans
- Push Image - Upload to registries
- Registry Configuration - Configure private registries
Notes
- Supports both local and edge environments via Hawser
- Registry authentication is automatic based on configured registries
- Scan-on-pull respects environment scanner settings
- Progress events are streamed in real-time via Server-Sent Events
- Tag defaults to
latestif not specified - Digest format bypasses tag resolution
