Accessing CleanStart Images and Artifacts
The CleanStart Customer Delivery Portal provides secure access to hardened container images, security reports, vulnerability data, and attestation artifacts.
Access: https://portal.cleanstart.dev
Getting Started
First Login
To get started with the CleanStart portal, navigate to https://portal.cleanstart.dev. You can sign up using an email address, or you can use single sign-on through Google, GitHub, or Microsoft for faster account creation. Once you create your account, verify your email address by clicking the link in the confirmation email. Create your organization within the portal to establish your workspace. Finally, generate your initial API key for programmatic access to the CleanStart API by storing this key securely as you'll need it for integrations.
Dashboard
The dashboard provides a comprehensive view of your CleanStart environment with key metrics visible at a glance. You can see your active subscriptions and their renewal dates so you never miss an expiration. Recent security alerts keep you informed of newly discovered threats affecting your images. The deployed image count shows how many images you have distributed across your environments. Vulnerability trends over the past 30 days help you track whether your security posture is improving or degrading. API usage metrics and rate limits display your current consumption relative to your plan's allowance.
Image Library
Browse Catalog
Navigate to Images → Browse Catalog to access the image library. You can search 1,200 or more hardened images, filter by category such as languages, databases, web servers, and machine learning frameworks, view variants like -prod, -dev, and -debug, check architecture support for amd64, arm64, and arm/v7, and see current vulnerability status and scan dates.
Pulling Images
With Authentication:
docker login gcr.iodocker pull gcr.io/cleanstart-images/runtimes/python:3.12-prodcosign verify --key cosign.pub gcr.io/cleanstart-images/runtimes/python:3.12-prodAPI-based Pulling:
curl -H "Authorization: Bearer YOUR_API_KEY" \ https://api.cleanstart.dev/v1/images/python/3.12-prod/pullMirroring to Private Registry
Automated Mirror: Navigate to Images → Settings. Add private registry credentials. Select images to mirror. Enable automatic sync.
Manual Mirror:
docker pull gcr.io/cleanstart-images/runtimes/python:3.12-proddocker tag gcr.io/cleanstart-images/runtimes/python:3.12-prod \ my-registry/python:3.12-proddocker push my-registry/python:3.12-prodSecurity Reports
View Reports
Navigate to Reports → Security Analysis
Available report types include Vulnerability Scan Reports providing detailed CVE findings, Compliance Certificates documenting regulatory compliance, Attestation Records showing cryptographic proof of image integrity, Risk Assessment evaluating security exposure, and Trend Analysis tracking vulnerability patterns over time.
Download Artifacts
To download artifacts, select the desired report type, choose the date range to cover, select which image(s) to include, choose the output format (HTML, PDF, JSON, or CSV), then generate and download the report.
Share Reports
Generate shareable links by opening a report, clicking "Share", setting an expiration period (1 day to 1 year), setting permissions (view-only or download), and copying the generated link.
Example: https://portal.cleanstart.dev/reports/share/abc123xyz789
Subscriptions & Billing
View Subscription
Navigate to Account → Subscriptions to view subscription details including subscription tier (Free, Pro, or Enterprise), renewal date, number of images included, API rate limits, and support tier.
Subscription Tiers
Plan | Images | API/mo | Support | Cost |
|---|---|---|---|---|
Free | 100 | 1,000 | Community | Free |
Pro | 500 | 100,000 | $199/mo | |
Enterprise | Unlimited | Unlimited | 24/7 | Custom |
API Key Management
Create API Key
To create an API key, go to Account → API Keys and click "Generate New Key". Enter a descriptive key name, select the required scopes (images:read, vulnerabilities:read, reports:write, scans:execute), set an expiration date (1 year is recommended), and copy the key immediately upon generation.
Using API Keys
Store securely:
export CLEANSTART_API_KEY="cs_live_abc123def456..."Use in requests:
curl -H "Authorization: Bearer $CLEANSTART_API_KEY" \ https://api.cleanstart.dev/v1/images/search?name=pythonRotate Keys
The rotation process involves generating a new key, updating applications, revoking the old key, monitoring for issues, and deleting the revoked key (after 24h).
Integration Settings
Container Registry Integration
To integrate a container registry, go to Settings → Integrations and click "Add Registry". Select your registry type from options including Docker Hub, GCR, ECR, Artifactory, or Quay.io. Enter the required credentials, test the connection to verify it works, then enable automatic mirroring.
Webhook Configuration
To configure webhooks, go to Settings → Webhooks and click "Create Webhook". Enter the webhook URL where events should be sent. Select the events you want to receive including image.scanned, vulnerability.detected, and image.updated. Set the retry policy for failed deliveries, test the webhook to verify it works, and then enable it.
CI/CD Integration
GitHub Actions:
- name: Download CleanStart image env: CLEANSTART_API_KEY: ${{ secrets.CLEANSTART_API_KEY }} run: | curl -H "Authorization: Bearer $CLEANSTART_API_KEY" \ https://api.cleanstart.dev/v1/images/python/3.12-prod/pull | docker loadGitLab CI:
build: script: - curl -H "Authorization: Bearer $CLEANSTART_API_KEY" \ https://api.cleanstart.dev/v1/vulnerabilities/scanOrganization & Team Management
User Management
To manage users, go to Settings → Team and click "Invite Member". Enter the email address of the person to invite. Select the appropriate role: Admin for full access, Manager for user and billing management, Developer for image access and API usage, or Viewer for read-only access. Send the invitation.
Role Permissions
Permission | Admin | Manager | Developer | Viewer |
|---|---|---|---|---|
Manage users | ✓ | ✓ | ||
Billing | ✓ | ✓ | ||
Download images | ✓ | ✓ | ✓ | ✓ |
View reports | ✓ | ✓ | ✓ | ✓ |
Generate API keys | ✓ | ✓ | ✓ | |
Configure integrations | ✓ | ✓ |
In-Portal Resources
Knowledge Base: How-to guides, troubleshooting, video tutorials
Quick Links: The portal provides quick access to the getting started guide, image security information, the vulnerability database, and compliance documentation.
Security Features
Two-Factor Authentication
To enable two-factor authentication, go to Account → Security and click "Enable 2FA". Scan the QR code with your authenticator app, enter the verification code from the app, and save the backup codes for account recovery.
Session Management
Go to Account → Active Sessions to view all active sessions on your account. You can revoke suspicious sessions and set session timeout limits for automatic logout.
Audit Logging
Go to Settings → Audit Log to view all account activities with timestamps and user information. You can export the audit log for compliance purposes and filter by user, action type, or date range.
Monitoring Usage
View Usage
Go to Dashboard → Usage to view metrics including API calls for the current month, images downloaded, bandwidth consumed, and current rate limit status. You can set up usage alerts to be notified when thresholds are approached and export usage reports for analysis.
API Rate Limits
The Free Plan allows 1,000 requests per month with a burst rate of 1 request per second. The Pro Plan increases this to 100,000 requests per month with a burst rate of 100 requests per second. The Enterprise tier offers unlimited requests with custom rate limits.
Check remaining quota in response headers:
X-RateLimit-Limit: 1000X-RateLimit-Remaining: 847X-RateLimit-Reset: 1699560000Troubleshooting
Cannot Download Image
If you cannot download an image, verify your login credentials, check that your API key has not expired, confirm that your subscription is active, verify the image exists in the catalog, check that firewall rules allow access to the registry, and contact support if the issue persists.
Authentication Errors
A 401 Unauthorized error indicates a problem with your API key—check that it's correct and has not expired. A 403 Forbidden error means you don't have the required permissions or scopes—verify your account role and API key scopes. A 429 Too Many Requests error indicates you've exceeded rate limits—implement exponential backoff in your requests.
Report Not Generating
If a report fails to generate, check that your selected date range is valid, verify that you've selected at least one image, try exporting in a different format, clear your browser cache to resolve any client-side issues, and contact support if the problem persists.
Support
You can reach the portal at https://portal.cleanstart.dev, view documentation at https://docs.cleanstart.dev/portal, email support at portal-support@cleanstart.dev, use the in-portal live chat feature, or call 1-800-CLEAN-SECURITY for Enterprise support.