Docker Images
Stout implements the full OCI Distribution spec.
Push source, get a signed container image. Works with docker pull.
Configure Your Client
Log in to your Stout instance:
# Production
docker login registry.stout.io -u token -p $STOUT_TOKEN
# Local development (insecure registry)
docker login localhost:7888 -u token -p $STOUT_TOKEN
For local development, add localhost:7888 to the
insecure-registries list in your Docker daemon config.
Pull an Image
docker pull registry.stout.io/myorg/my-image:1.2.0Publish an Image
Stout builds images from source — you don't push pre-built images. Submit a build via the API:
curl -X POST https://registry.stout.io/api/v1/builds \
-H "Authorization: Bearer $STOUT_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"format": "oci",
"repo": "https://github.com/myorg/my-image",
"version": "1.2.0"
}'Stout clones the repo, builds with the Dockerfile, scans for vulnerabilities, signs with Sigstore, generates an SBOM, and pushes the manifest to the registry.
Authentication
Docker stores credentials after docker login. For CI environments,
use the --password-stdin flag:
echo $STOUT_TOKEN | docker login registry.stout.io -u token --password-stdinEndpoints
| Method | Path | Description |
|---|---|---|
GET | /v2/ | API version check |
GET | /v2/{name}/manifests/{ref} | Fetch manifest by tag or digest |
GET | /v2/{name}/blobs/{digest} | Download layer blob |
GET | /v2/{name}/tags/list | List tags |