CAS-541: Homepage Content & Navigation Plan
Context
CascadeGuard has two product lines, each with an open-source core and a premium tier:
- Supply chain tools — image lifecycle management (cg images, formerly “Image Factory”) and pipeline management (cg build). Open-source CLI with premium features planned.
- Secure Base Images — pre-hardened container base images. Free community images with premium SLA-backed images planned.
The current homepage leads with managed images and does not surface the supply chain tools or the open-source story. Both product lines span open source and premium — the business model is not “CLI = free, images = paid”. This plan addresses naming, homepage architecture, navigation, and docs/onboarding clarity.
1. Product Vocabulary (Naming Decisions)
Vocabulary
| Term | What it means | Used where |
|---|---|---|
| CascadeGuard | The product and brand. The open-source CLI. | Everywhere — product name, repo, docs, marketing |
| Image Factory | The end-to-end image lifecycle process: detect upstream change → rebuild images → roll out to deployments. Implemented by cg images. | Docs, capability descriptions, homepage explainer |
| Build Tooling Management | Secure and manage the build tools themselves: pin versions, scan referenced containers and libraries, surface CVEs. Implemented by cg build. Independent of Image Factory — applies to any repo with CI/CD pipelines, not just image builds. | Docs, capability descriptions, homepage explainer |
| CascadeGuard Secure Images | Pre-hardened base images maintained by CascadeGuard. | Separate product line |
| CascadeGuard Platform | Future SaaS — dashboard, scanning, alerting, team features. | “Coming soon” references |
Note: “Software supply chain” is still the high-level positioning for CascadeGuard, but Image Factory and Build Tooling Management are two independent capabilities — not subcategories of a single feature.
cg build secures build tooling across all repos (application, infrastructure, anything with CI), not just repos involved in the image lifecycle.
Two product lines, each with open-source and premium tiers
| Product Line | Name | Open Source | Premium |
|---|---|---|---|
| Image Factory | CascadeGuard cg images | Core CLI — end-to-end image lifecycle (detect → rebuild → roll out) | Advanced image scanning, compliance dashboards, team features |
| Build Tooling Management | CascadeGuard cg build | Pin, scan, and manage build tools across any repo (GitHub Actions, GitLab CI, containers, libraries) | Extended scanning, policy enforcement, vulnerability alerting |
| Base images | CascadeGuard Secure Images | Community images — hardened, signed, SBOM-attached | SLA-backed images, priority CVE patching, extended support |
| Platform | CascadeGuard Platform | — | Dashboard, scanning, alerting, CI/CD integrations |
The CLI IS CascadeGuard. The brand is the open-source project. Both product lines have free and premium tiers.
Image Factory — the core lifecycle process
“Image Factory” is the name for the end-to-end image lifecycle process that cg images implements:
- Detect — monitors upstream base images for changes, CVEs, and new versions
- Rebuild — triggers signed rebuilds of your images via git commits and CI/CD pipeline invocation
- Roll out — monitors build & deployment steps, ensuring updated images reach all deployments
In v1, cg images provides the overarching “check” pipeline and triggers downstream repos via git commits, build step invocation, and deployment monitoring.
Build Tooling Management — securing CI/CD across all repos
“Build Tooling Management” is what cg build provides — independent of Image Factory:
- Pin — lock CI/CD tool versions (GitHub Actions, GitLab CI runners, build plugins) to verified, safe versions
- Scan — inspect referenced containers and (eventually) libraries in CI configs, surface CVEs
- Manage — apply supply chain rules to keep tooling up to date and compliant
This applies to any repository with a CI/CD pipeline — not just image build repos. A team might use cg build to secure their application repos without ever touching cg images.
2. Homepage Content Architecture
Hero section
Headline:
Automate your software supply chain. Free and open source.
Sub-headline:
CascadeGuard monitors base images, triggers signed rebuilds, and keeps your CI/CD tooling pinned to verified versions — all through your existing GitOps pipeline. Pull our hardened base images or bring your own.
CTAs:
- [Get the CLI] — install command or docs
- [Pull a Secure Image] — Docker Hub / GHCR
- [Star on GitHub] — trust signal
CEO addition: Include “Open source forever. Premium images and platform for teams that need more.” positioning in the hero area.
Two-offering section (“What we offer”)
Side-by-side two-column layout:
Column A — CascadeGuard CLI (Supply Chain Tools)
The CLI that closes your software supply chain loop.
- Image Factory (cg images) — detect upstream changes, rebuild your images, roll out to deployments. The full lifecycle, automated.
- Build Tooling Management (cg build) — pin, scan, and manage your CI/CD tools: version pinning, container/library scanning, CVE surfacing. Works on any repo, not just image builds.
- Works with your existing GitOps pipeline (ArgoCD / Kargo / GitHub Actions / GitLab CI)
- Open source core, free forever. [Install] [GitHub]
Column B — CascadeGuard Secure Images
Production-hardened base images. Community tier free to pull.
- Non-root by default (UID 65532)
- Minimal attack surface — unnecessary packages stripped
- Cryptographically signed with Cosign / Sigstore
- SBOM attached (SPDX)
- Critical CVEs patched within 24 hours
- [Browse Images] [Pull from GHCR]
Upgrade callout (below both columns):
Both products offer a premium tier for teams that need SLA-backed support, advanced scanning, and extended image lifecycle coverage.
How it works (lifecycle loop)
Visual flow (make this a diagram in the actual design):
Upstream image changes → CascadeGuard detects → Triggers rebuild → Scans & signs → Deploys via GitOps → Verified
This is the unique value no competitor delivers. Make it visual and prominent.
Trust / social proof section
- Public CVE dashboard link (“We publish our own security posture, live”)
- GitHub stars count
- Docker Hub / GHCR pull count
- SLSA level badge (when applicable)
Open source + premium framing
Closing section:
CascadeGuard is open source at its core. Both our supply chain tools and community base images are free. Premium tiers add SLA-backed support, advanced scanning, and the CascadeGuard Platform for teams that need more.
3. Navigation Structure
Primary navigation
[CascadeGuard logo]
Products (dropdown)
→ CascadeGuard CLI (open source)
→ Secure Base Images
→ Platform (coming soon)
Docs
Dashboard
Blog
GitHub (external)
[Get Started] [Pull an Image]
Docs navigation (left sidebar)
Getting Started
  Quick install
  Your first images.yaml
  Concepts
CascadeGuard CLI
  Image Factory (end-to-end image lifecycle)
  Build Tooling Management (pin, scan, manage CI/CD tools)
  State repository setup
  Configuration reference
Secure Base Images
  Image catalog
  Security properties
  How to use in Dockerfiles
  SBOM and signature verification
  Deprecation policy
Integrations
  GitHub Actions
  ArgoCD + Kargo
  GitLab CI
  Docker Hub / GHCR
Reference
  CLI commands
  images.yaml schema
  .cascadeguard.yaml schema
4. Docs / Onboarding Clarity
Problem with current docs
- getting-started.md is titled “Getting Started with CascadeGuard Image Factory” — this is fine as a docs title since Image Factory is a valid capability name, but the docs need to explain the term up front
- The docs do not distinguish the two offerings (CLI vs Secure Images) up front
- There is no clear “where do I start?” decision tree
Recommended changes
1. Keep getting-started title, add context
Keep “Getting Started with CascadeGuard Image Factory” — but add a brief intro explaining that Image Factory is the end-to-end image lifecycle process (detect → rebuild → roll out) powered by cg images.
2. Add a routing intro
New to CascadeGuard? Two ways to get value immediately:
| I want to… | Start here |
|---|---|
| Automate my image builds and keep CI/CD tooling pinned | CLI Quick Start |
| Drop in a hardened base image right now | Secure Images |
| Understand how it all fits together | How CascadeGuard works |
3. Add a dedicated Supply Chain Automation guide
Supply Chain Automation — How CascadeGuard tracks upstream base images, triggers rebuilds, and manages CI/CD tooling version pinning. For platform engineers who want lifecycle automation, not just image access.
4. Cross-link the offerings
At the bottom of the Secure Images page:
Using CascadeGuard Secure Images in production? Pair them with the CascadeGuard CLI to automate rebuilds and keep your pipeline supply chain secure.
5. Key Messages
| Channel | Message |
|---|---|
| Homepage hero | “Automate your software supply chain. Free and open source.” |
| OSS value prop | “The only tool that closes the loop from base image CVE to signed rebuild to GitOps deployment.” |
| Secure Images value prop | “Production-hardened base images. Non-root. Signed. SBOM attached. Critical CVEs patched in 24h.” |
| Combined story | “Pull our secure base images, or bring your own — CascadeGuard automates the rebuild loop either way.” |
| Open source + premium | “Open source at the core. Premium tiers for teams that need SLA-backed support, advanced scanning, and extended coverage.” |
| Open source trust signal | “Open source forever. We publish our own security posture live on the public dashboard.” |
6. Next Steps
- CEO: Review naming recommendation (dropping “Image Factory” as external brand; calling it “supply chain automation”) — Approved
- CEO: Approve homepage architecture — Approved with “open source + premium” hero addition
- CMO: Draft full homepage copy (hero, two-offering section, lifecycle section) — CAS-544
- CMO: Draft updated docs landing page / decision tree — CAS-544
- CMO: Write designer brief for homepage visual treatment (lifecycle loop diagram) — CAS-544
- CTO: Add Image Factory context intro to getting-started.md and add routing intro — CAS-545
- CTO: Align docs nav structure with recommendation above — CAS-545