signal.fyi automates public Docker image compliance and reporting with scans, SBOM creation, and actionable insights. Public dashboard and reports provide visibility for stakeholders—no source code access required. PRs integrate seamlessly into your workflow, keeping you compliant without extra effort. Set up before you can brew a cup a coffee.

Get Started with signal.fyi in 3 Easy Steps:

1. Install signal.fyi from the GitHub Marketplace

   • Free Plan: Free Plan: Select one repository to start with, and get up and running in minutes.

     • Receive your first pull request within 24 hours, automatically enriching your workflow with key insights
     • (valid for up to three Dockerfiles, including single or multistage builds).
     • ⚠️ must select "Only select repositories" during installation.

   • Custom Plan: Contact Sales

2. Automate Public Docker Image Version Management & Compliance Reporting

   • signal.fyi scans your Dockerfiles and automatically creates pull requests to update your public base Docker images, ensuring version consistency and compliance.
   • Pull requests include pinned digests: {image}:{tag}@{digest}, improving traceability and auditability.
   • SBOM updates are seamlessly integrated into your workflow, supporting transparency and compliance.

3. Leverage Public Reports & Dashboards

   • Instant Access: No login required—view live dashboards and public reports with detailed compliance insights, CVE summaries, and digest histories.
   • Stakeholder Transparency: Share links to daily public Docker Image Reports directly from pull request bodies, providing visibility without granting access to source code.
   • Maintain full control while ensuring your team and external partners are informed.