Get started in 30 seconds

Pull an image, verify the signature, and you're running on a hardened base. No account required.

1. Pull

Pull any image from the public catalogue at images.rasid.cc. Apache 2.0 — no signup.

docker pull images.rasid.cc/postgres:17

Use Sigstore Cosign to verify the image was signed by Rasid before you run it.

cosign verify images.rasid.cc/postgres:17 \
  --key https://rasid.cc/.well-known/rasid-cosign.pub

Drop the image into your existing Dockerfile, Compose, or Kubernetes manifest. Same interface as the upstream image.

FROM images.rasid.cc/postgres:17
COPY ./schema.sql /docker-entrypoint-initdb.d/

Next: read the image-lifecycle docs to learn how we patch, when we rotate tags, and how to subscribe to advisories. Image lifecycle.