Automated Public Docker Image Compliance
Track risks, share insights, and streamline compliance workflows effortlessly.
What You Get
Uncover risks, track changes, and empower your team with clear insights into your Public Docker Images.
Actionable Oversight for Leadership
Equip decision-makers with clarity and confidence to manage compliance challenges effectively:
- Comprehensive image updates and SBOM records.
- Clear vulnerability summaries for prioritization.
- Accountability with audit trails and insights.
Seamless Tools for Engineers
Enable engineers to focus on shipping features without compromising on compliance:
- Automated PRs for image and SBOM updates.
- Vulnerability trends and insights in PRs.
- No workflow disruptions with streamlined reporting.
Explore the Public Dashboard
Gain visibility into Docker image compliance. Monitor CVE trends, digest updates, and SBOM details to foster transparency and collaboration across the community.
Open Insights
Empower your team and the broader community with actionable information, including:
- CVE Severity Summaries
- Public SBOM JSON Files
- Digest Change History (Graph)
Share public Docker image data from private repositories seamlessly—fostering transparency and enabling collaborative accountability.
Visualize digest history for selected Docker images to track compliance over time.
Choose Your Plan with Daily Scans
Keep your Docker images secure and compliant every day. Simple repository-based pricing ensures you only pay for what you use.
Free Plan
Perfect for Testing
Explore without commitment—public reports, full transparency, and automated pull requests straight to your repo.
- Support for 1 Repository (Up to 3 Dockerfiles)
- Daily Docker Image Version Updates
- CVE Summaries Included in Pull Requests
- SBOM Generation and Sharing
- Automated Pull Requests to Your Default Branch
Custom Plan
What You Get
Includes everything in the Free Plan, plus expanded features and support tailored for growing teams and more complex projects.
- Flexible Support for Multiple Repositories
- Increased Dockerfile Capacity per Repository
- Priority Assistance for Setup and Troubleshooting
- Repository-Based Pricing for Transparent Costs
- Continuous Improvements Aligned with Customer Feedback
Transparency Through Public Reports
By partnering with Signal.fyi, your team gains access to daily Public Docker Image Reports. From the first pull request, your commitment not only supports your stakeholders but also provides valuable insights to the broader community.
CVE Trends
Identify vulnerability trends by severity and make data-driven decisions with confidence.
SBOM JSON Files
Access and share SBOMs for every Docker image to enhance software visibility and transparency.
Digest Change History
Monitor and understand digest changes over time with actionable insights for improvement.
Set up before you can brew a cup of coffee.
Receive your first pull request before tomorrow's stand-up.
Frequently Asked Questions
To get started with signal.fyi, configure each repository’s Dockerfile to include a valid FROM statement that specifies the base image version. This allows signal.fyi to detect, monitor, and update the image as necessary.
Important Restrictions:
- Repository Type: signal.fyi currently supports non-forked repositories only to ensure consistent compliance tracking.
- Dockerfile Limits: The free plan supports 1 repository with a maximum of 3 single or multistage Dockerfiles.
We appreciate user feedback to improve our service. Share your suggestions in our GitHub Support Community.
An SBOM is a comprehensive inventory of all components used in software ("list of ingredients"), crucial for tracking security vulnerabilities. The importance of SBOMs was highlighted in the U.S. Executive Order 14028 from May 2021, aimed at improving cybersecurity across software supply chains.
For more on this topic, see the Executive Order.