CAS-544: Homepage Copy, Docs Landing Page & Designer Brief

Deliverables for CAS-544 — drafted by Elena Vasquez (CMO). Approved naming/architecture from CAS-541. Revised per CEO framing correction: both product lines have free + premium tiers — not “CLI = free, images = paid”.


Deliverable 1: Homepage Copy

HERO SECTION

Headline:

Automate your software supply chain.

Sub-headline:

CascadeGuard monitors base images, triggers signed rebuilds, and keeps your build & deployment tooling pinned to verified versions — all through your existing pipeline. Pull our hardened base images or bring your own.

Supporting line:

Open source forever. Premium images and platform for teams that need more.

CTAs (in order of prominence):

  • [Get the CLI] — links to docs quick install
  • [Pull a Secure Image] — links to GHCR/Docker Hub
  • [Star on GitHub] — trust signal, secondary

TWO-OFFERING SECTION

Section heading: What we offer

Column A — CascadeGuard CLI (Supply Chain Tools)

The CLI that closes your software supply chain loop.

Bullet copy:

  • Image Factory (cg images) — detect upstream base image changes, trigger signed rebuilds, and roll out to your deployments. The full lifecycle, automated.
  • Build Tooling Management (cg build) — pin, scan, and manage your build & deployment tools: version pinning for your dependencies, container scanning, CVE surfacing. Works on any repo, not just image builds.
  • Works with your existing build & deployment pipelines (GitHub Actions / GitLab CI / ArgoCD / Kargo / Jenkins, more coming soon)
  • Open source core, free forever. Premium tier available for advanced scanning, compliance dashboards, and team features.

CTAs: [Install] [View on GitHub]


Column B — CascadeGuard Secure Images

Production-hardened base images. Community tier free to pull.

Bullet copy:

  • Non-root by default (UID 65532) — no privilege escalation out of the box
  • Minimal attack surface — unnecessary packages stripped before you touch them
  • Cryptographically signed with Cosign / Sigstore — verify before you run
  • SBOM attached (SPDX format) — full provenance, no guessing
  • Critical CVEs patched within 24 hours on the community tier
  • Premium tier: SLA-backed images, priority CVE patching, and extended support

CTAs: [Browse Images] [Pull from GHCR]


Upgrade callout (below both columns):

Both products offer a premium tier for teams that need SLA-backed support, advanced scanning, and extended coverage. The CascadeGuard Platform brings everything together with dashboards, alerting, and build & deployment integrations — coming soon.


HOW IT WORKS (LIFECYCLE LOOP SECTION)

Section heading: One loop. End to end.

Section intro copy:

Most teams detect a CVE, rebuild manually, hope nothing broke, and deploy — then do it again next week. CascadeGuard closes the loop so the whole cycle runs automatically through your GitOps pipeline.

Flow steps (for diagram — see Designer Brief):

  1. Upstream changes — A base image is updated. A CVE is published. A new Go release drops.
  2. CascadeGuard detects — Your images.yaml config defines what to watch. CascadeGuard monitors it continuously.
  3. Rebuild triggered — A signed commit lands in your state repo. Your existing build pipeline kicks off.
  4. Scan & sign — The new image is scanned, signed with Cosign, and an SBOM is attached.
  5. Deploys — Your deployment tool promotes the verified image to production.
  6. Audit trail closed — Every step is signed, logged, and reproducible.

Closing line:

This is the loop that separates teams who react to supply chain incidents from teams who automate them away.


TRUST / SOCIAL PROOF SECTION

Section heading: We publish what we practice.

Copy:

CascadeGuard dogfoods its own tooling. Our base images are built with CascadeGuard. Our pipeline is public. Our CVE response times are live on the dashboard.

Proof points (display as stat tiles):

  • Live CVE Dashboard — “We publish our own security posture in real time.”
  • GitHub Stars — pull from API dynamically
  • Docker Hub / GHCR total pulls — pull from API dynamically
  • “Critical CVEs patched within 24h” — standing commitment badge

CLOSING SECTION (OPEN SOURCE + PREMIUM FRAMING)

Section heading: Open source at the core. Premium where it matters.

Copy:

CascadeGuard is open source at its core. The CLI, the config spec, the build pipeline — all on GitHub with a BSL license. Both our supply chain tools and community base images are free to use today.

When your team needs more — SLA-backed image support, advanced scanning, compliance dashboards, multi-team management — premium tiers for both products are available. The CascadeGuard Platform brings it all together.

Platform teaser:

CascadeGuard Platform — coming soon. Dashboard, scanning, alerting, and team features that unify the full supply chain. [Join the waitlist]



Deliverable 2: Docs Landing Page

PAGE TITLE

CascadeGuard Documentation

INTRO PARAGRAPH

CascadeGuard is an open-source tool for automating your software supply chain. Use it to run the full image lifecycle (Image Factory), manage and pin your existing build & deployment tooling (Build Tooling Management), or pull hardened base images directly — or all three.


ROUTING DECISION TABLE

Heading: New here? Start in the right place.

I want to… | Start here
Automate my image builds end-to-end (detect, rebuild, roll out) | CLI Quick Start — Image Factory
Pin and scan my build & deployment tooling across all repos | CLI Quick Start — Build Tooling Management
Drop in a production-hardened base image right now | Secure Images
Understand how CascadeGuard works end to end | How CascadeGuard Works
Migrate from a manual or cron-based rebuild process | Migration Guide
Verify an image signature or inspect an SBOM | Verification Guide

TWO-PATH SECTION

Heading: Two ways to use CascadeGuard

Path A — The CLI (open source)

Automate your software supply chain with images.yaml. CascadeGuard’s two capabilities — Image Factory and Build Tooling Management — cover the full loop from base image CVE to signed deployment. Open source core, free forever. Premium tier available.

Links: Quick Install | Image Factory (cg images) | Build Tooling Management (cg build) | GitHub


Path B — Secure Base Images

Pre-hardened base images built and maintained by CascadeGuard. Non-root. Signed. SBOM attached. Community tier free to pull. Premium tier with SLA-backed support and priority CVE patching available.

Links: Browse the Image Catalog | How to use in your Dockerfile | Verify a signature | GHCR


GETTING STARTED SIDEBAR NOTE

A note on capabilities: CascadeGuard has two CLI capabilities: Image Factory (cg images) automates the end-to-end image lifecycle (detect → rebuild → roll out), while Build Tooling Management (cg build) pins and scans your build & deployment tools across any repo. They are independent — you can use either or both.



Deliverable 3: Designer Brief — Homepage Visual Treatment

PROJECT

CascadeGuard homepage redesign — visual treatment for the lifecycle loop diagram and overall page composition.


DESIGN OBJECTIVES

  1. Communicate CascadeGuard as a serious, developer-native security tool — not a startup landing page with stock photos.
  2. Make the lifecycle loop diagram the centrepiece of the homepage. It is the core differentiator.
  3. Visually distinguish the two product lines (Supply Chain Tools vs Secure Images) without making them feel unrelated — both are under the CascadeGuard brand, both have free + premium tiers.
  4. Convey “open source trust” — verifiable, transparent, community-backed.

VISUAL TONE

  • Style: Minimal, technical, dark-mode first. Think Tailscale, Fly.io, or Warp — not SaaS marketing gloss.
  • Typography: Mono for code/CLI elements; clean sans-serif for body copy. Headings: confident, not clever.
  • Colour: Dark background (near-black), accent in a single security-adjacent colour — either a muted teal/cyan (“trust, precision”) or amber/orange (“alert, action”). Avoid red — too alarmist for a tool that solves security problems.
  • Imagery: No stock photos. All illustration or diagram. Prefer abstract flow/graph imagery over iconography.

LIFECYCLE LOOP DIAGRAM SPEC

What it needs to show: A continuous loop (not a linear funnel) with 6 nodes:

[ Upstream changes ] --> [ CascadeGuard detects ] --> [ Rebuild triggered ]
         ^                                                       |
         |                                                       v
[ Audit trail closed ] <-- [ Deployment ] <-- [ Scan & sign ]

Design requirements:

  • Must read as a loop, not a waterfall — the arrow from “Audit trail closed” back to “Upstream changes” is critical. This communicates automation, not one-time setup.
  • Each node: short label + optional 1-line descriptor on hover or below.
  • CascadeGuard’s role visually centred — small logo mark or brand colour pulsing at the centre.
  • Works in both light and dark mode. Dark mode is primary.
  • Minimum accessible contrast on all text nodes.
  • Must be SVG or Lottie — no raster. Animation (if used): single slow rotation or pulse, not distracting.
  • Comprehensible without hover states (readable on mobile).

Secondary diagram (optional, lower on page): A simple two-branch illustration showing the two CLI capabilities — cg images (image lifecycle) and cg build (build & deployment tooling) — branching from a single cascadeguard root. Reinforces “one CLI, two supply chain capabilities” for engineering-oriented visitors.


PAGE COMPOSITION GUIDANCE

Hero:

  • Full-width, dark background.
  • Headline + sub-headline left-aligned or centred.
  • CTAs separated by hierarchy: primary (filled), secondary (outlined), tertiary (text link).
  • No hero image — the lifecycle diagram IS the visual hero. Consider a subtle, low-opacity version of the loop diagram as background.

Two-offering section:

  • Two-column card layout. Cards feel equal weight.
  • Subtle divider or background shift to separate from hero.
  • Custom icons (not generic checkmarks): lock for security features, code bracket for CLI features, package for image features.
  • Both cards should include a visual “free + premium” tier indicator — e.g. a small pill or badge. This is important: neither product is free-only or paid-only.
  • Upgrade callout below both cards: single-line strip in a lighter treatment, linking to pricing/premium.

Lifecycle section:

  • Generous vertical whitespace — it earns it.
  • Diagram: large and centred.
  • Section heading and copy sit above diagram; closing line anchors below.

Trust section:

  • Stat tiles in a horizontal strip — 4 tiles max.
  • Monospace font for numbers; small “updated” indicator to convey liveness.

Closing / Platform section:

  • Lighter or contrasting background to signal tonal shift.
  • Platform teaser: aspirational but understated — not vaporware.

ASSETS NEEDED FROM DESIGN

  1. Lifecycle loop SVG / Lottie animation — primary homepage diagram
  2. Two-offering section icons (lock, code bracket, package, rebuild/cycle)
  3. Free + premium tier badge/pill component for both product cards
  4. Homepage hero background treatment (subtle loop motif)
  5. Trust tile component (stat + label + live-indicator)
  6. Light + dark mode variants for all above

REFERENCE COMPANIES FOR TONE

  • Tailscale — developer-native, minimal, trust-first
  • Fly.io — technical confidence, dark palette
  • Sigstore — security community credibility
  • Chainguard — security positioning (though we differ in being truly OSS with premium tiers)

Deliverables revised per CEO framing correction: both supply chain tools and Secure Images have free + premium tiers.