Network documentation is a headache everyone in IT ops and platform engineering knows too well. Drawing network diagrams manually or relying on outdated SNMP walks becomes a full-time job in large or segmented infrastructures. Scanopy tackles this problem with a Rust-based daemon that automates network model discovery and documentation, replacing the need for manual diagrams with continuously updated network views.
What scanopy does and how it models network infrastructure
Scanopy is an agentless network documentation daemon written in Rust that automatically scans infrastructure on a schedule to build and maintain an up-to-date model of your network. Instead of manually creating network diagrams or relying on separate tools for layer 2 (physical), layer 3 (logical), workload, and application views, Scanopy produces all four views from a single scan process.
The daemon uses 230+ built-in service definitions (fingerprints) to identify network services discovered during scanning. It supports distributed scanning across different network segments, making it suitable for complex environments with VLANs or isolated segments.
The architecture focuses on continuous discovery and model maintenance rather than one-off inventory snapshots. This means the daemon runs constantly, periodically scanning and updating the network topology, service states, and workload composition. The resulting model supports multiple views:
- L2 physical topology showing actual switch port connections
- L3 logical topology showing IP routing and subnet relationships
- Workload view mapping network entities to compute workloads
- Application view correlating network services to applications
Integration points include Docker and SNMP, allowing Scanopy to enrich data with containerized workloads or SNMP-derived device details.
The project targets multiple user groups: platform engineering teams who need accurate network state for deployments, network engineers managing physical and logical topologies, IT operations teams maintaining service visibility, Managed Service Providers (MSPs) supporting client networks, and homelab enthusiasts who want automated documentation without manual effort.
Scanopy is self-hosted under an AGPL-3.0 license. Deployment options are flexible — it can run under Docker Compose, inside a lightweight Proxmox LXC container, or as an Unraid community app. For those who prefer not to manage the infrastructure themselves, a hosted cloud service is also available.
Technical strengths and architectural tradeoffs
Scanopy’s core strength lies in replacing manual network documentation with an automated, continuously updated model built from a single scanning daemon written in Rust. Rust’s safety and performance characteristics are well-suited for this kind of long-running, network-intensive service.
The daemon is agentless, meaning it does not require installation of software on network devices or endpoints. Instead, it relies on network protocols and service fingerprints to discover topology and workloads remotely. This drastically reduces operational overhead and security concerns compared to agent-based approaches.
The project boasts over 230 predefined service fingerprints, enabling it to identify a wide range of network services out of the box. This rich service detection supports application-level views and workload mapping, adding value beyond traditional SNMP-based topology mappers.
Distributed scanning across VLANs and network segments is another important feature. Many networks are segmented for security or performance reasons, so a single scanner cannot see everything. Scanopy supports distributing scanning tasks across multiple agents or instances to cover segmented infrastructures, then consolidates the data into a unified network model.
The multi-view model (L2 physical, L3 logical, workloads, applications) from a single scan simplifies the data pipeline and ensures consistency across views. This contrasts with many traditional tools that require separate scans or integrations for different topology layers.
On the flip side, continuous scanning and model maintenance introduce complexity in deployment and resource usage. Running scheduled scans regularly requires careful tuning to avoid network overload or detection by intrusion systems. The agentless approach, while operationally simpler, may miss some details that agents installed on devices or workloads could provide.
The project’s codebase reportedly emphasizes clean architecture and reliability, though specifics on code structure or testing are not detailed in the analysis. The Rust implementation suggests memory safety and concurrency benefits, which are important for a network scanner.
Quick start with Scanopy
For those wanting to try Scanopy quickly in a self-hosted environment, the README provides straightforward Docker Compose commands:
curl -O https://raw.githubusercontent.com/scanopy/scanopy/refs/heads/main/docker-compose.yml
docker compose up -d
This starts Scanopy in a containerized setup. After the service is running, you can access the web UI at http://<host>:60072. Initial setup involves creating an account and waiting for the first discovery scan to complete.
If Docker Compose isn’t your preference, Scanopy also supports deployment via Proxmox LXC containers and Unraid community apps, which can be helpful in homelab or virtualization environments.
For detailed configuration, scanning options, and advanced setup, the README points to an installation guide, which is worth consulting before production use.
Verdict: who should consider Scanopy?
Scanopy fills a real gap for teams and individuals who want to automate network documentation without juggling multiple specialized tools or manual diagrams. Its Rust-based design and agentless scanning make it suitable for production environments where safety, reliability, and performance matter.
Platform teams managing complex infrastructure will find value in the continuously updated multi-layer topology views. Network engineers benefit from physical and logical maps that reflect real-time changes without manual intervention. IT ops and MSPs can use Scanopy to improve visibility across client networks, especially those with segmented VLANs.
Homelab users who dislike manual network inventory will appreciate the automated scanning and rich views, though the deployment complexity might be a bit much for very small setups.
Limitations include the inherent tradeoffs of agentless scanning — some details require direct device access agents can provide. Also, running scheduled scans needs tuning to avoid network impact. The project’s reliance on a single Rust daemon means the learning curve and operational model differ from traditional SNMP walkers or diagramming tools.
Overall, Scanopy is a practical, well-implemented tool that replaces several manual and fragmented network documentation workflows with a unified, continuously maintained model. If your infrastructure demands accurate, up-to-date network documentation without heavy operational overhead, Scanopy is worth evaluating.
Related Articles
- nh: a Rust-based unified CLI for the Nix ecosystem with enhanced search and ergonomics — nh is a Rust CLI tool consolidating Nix, NixOS, and Home Manager commands with improved ergonomics, speed, and Elasticse
- rs-top: agentless remote system monitoring via SSH with a Rust TUI — rs-top is a Rust-based lightweight remote system monitor that uses SSH to provide a real-time TUI dashboard without any
- NeoHtop: a lightweight cross-platform system monitor built with Tauri, Rust, and SvelteKit — NeoHtop is a cross-platform system monitor combining a Rust backend with a SvelteKit UI via Tauri, offering efficient de
- GrafeoDB: a high-performance Rust graph database supporting six query languages with a unified execution model — GrafeoDB is a Rust-native graph database supporting LPG and RDF with six query languages. Its modular translator compile
- Naersk: reproducible, IFD-free Rust builds with Nix — Naersk is a Nix library enabling reproducible Rust builds free of Impure Function Dependencies. It parses Cargo.lock and
→ GitHub Repo: scanopy/scanopy ⭐ 4,873 · Rust