Your go-to App Store for CasaOS and ZimaOS devices like the ZimaCube Pro, featuring 28 apps spanning Generative AI, agent platforms, productivity, development, and more.
Apps listed here are third-party software. This store provides Docker Compose configurations — container images are hosted and maintained by their respective upstream projects. This software is distributed under the Apache 2.0 license and is provided "AS IS" without warranty of any kind. Review each app's SECURITY.md and compliance.yaml before use.
This store is designed to meet European regulatory standards (GDPR, NIS2, CRA, EU AI Act) with a comprehensive security posture:
Security researchers can report vulnerabilities via GitHub Private Vulnerability Reporting: https://github.com/a730/ZIMA-AppStore/security/advisories/new
Includes safe harbor for researchers in EU/EEA/Norway/Switzerland. See SECURITY.md for the full policy.
Every app passes the following automated checks on each push:
| Check | What it prevents |
|---|---|
| Hardcoded secrets | Passwords, API keys, and tokens must use ${VAR} env patterns, not literal values |
| Privileged containers | Flags apps running with unrestricted host access (privileged: true) |
| Exposed database ports | DB ports (5432, 6379, 3306) flagged if exposed to the host LAN unnecessarily |
| Missing resource limits | CPU/memory limits checked on every main service |
| Capability hardening | Verifies cap_drop: ALL when cap_add is used |
no-new-privileges |
Checks security_opt: no-new-privileges:true is set |
Every container image across all 28 apps is scanned for critical/high CVEs using Trivy on each CI run. Additionally, SPDX 2.3 SBOMs are generated for every image and published in sboms/, providing full supply chain transparency for NIS2 and CRA compliance.
Each app includes:
compliance.yaml— Data storage, network egress, authentication, hardening, compliance metadataSECURITY.md— Default credentials, exposed ports, backup procedures, security recommendations, SBOM location
| App | Description | Category | GPU |
|---|---|---|---|
| InvokeAI | Advanced Stable Diffusion Interface | Generative AI | NVidia |
| LLM Scaler | Intel Arc optimized LLM scaling | Generative AI | NVidia |
| Open WebUI | Interface for your local LLMs | Generative AI | NVidia |
| SGLang (CUDA) | High-performance LLM inference (CUDA 12 + HiCache) | Generative AI | NVidia |
| Unsloth Studio | Efficient LLM fine-tuning and deployment | Generative AI | NVidia |
| vLLM (AVX2 + OpenVINO) | High-throughput LLM serving (AVX2 + OpenVINO) | Generative AI | NVidia |
| Qdrant | High-performance vector database for AI | AI Serving | NVidia |
| Hermes Web UI | Web dashboard for Hermes Agent | Agent Platforms | No |
| HermesHQ | Control plane for Hermes Agent instances | Agent Platforms | No |
| MCPHub | Unified hub for MCP server management | Agent Platforms | No |
| Mission Control | AI agent orchestration dashboard | Agent Platforms | No |
| OpenClaw OS | All-in-one AI assistant with generative workspace | Agent Platforms | No |
| Paperclip | AI agent company orchestration platform | Agent Platforms | No |
| SwarmClaw | Self-hosted AI agent runtime and multi-agent framework | Agent Platforms | No |
| SwarmControl | Autonomous AI agent swarm orchestration with local LLM | Agent Platforms | No |
| Blinko | Privacy-first AI note-taking and knowledge base | Productivity | No |
| BookStack | Self-hosted documentation wiki | Productivity | No |
| Paperless-ngx | Document management system with OCR | Productivity | No |
| Coolify | Self-hosted PaaS for apps and services | SelfHost | No |
| ZeroDotEmail | AI-powered, privacy-first email client | Communication | No |
| HandBrake | Open-source video transcoder with web GUI | Creative Tools | No |
| MusicBrainz Picard | Cross-platform music tagger with web GUI | Creative Tools | No |
| Blender | 3D computer graphics toolset for animation, VFX, art, and games | LinuxServer.io | No |
| CNCjs | Web-based CNC milling controller interface | Makerspace | No |
| Mango | Self-hosted manga server and web reader with anime streaming | Entertainment | No |
| OneDev | All-in-one DevOps platform | Development | No |
| Open Terminal | Secure web-based terminal | Utilities | No |
| RomM | Beautiful ROM manager | Games | No |
- Install CasaOS or ZimaOS on your device
- Register this app store via CLI:
casaos-cli app-management register app-store https://github.com/a730/ZIMA-AppStore/archive/refs/tags/v1.2.0.zip
- Browse and install any app with one click
- Minimum: Any x86_64 or arm64 device running CasaOS/ZimaOS
- Recommended: Device with dedicated GPU (NVIDIA RTX series or Intel Arc) for AI workloads
- Storage: SSD recommended for AI model storage