From 0dbbac02af8b4535e70ff93dd287b2392f80a9f2 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 17 Oct 2025 18:22:19 +0300 Subject: [PATCH] docs: add documentation for dockerhub (#2063) * docs: add documentation for dockerhub Signed-off-by: Ludovic Ortega * docs: typo fixes --------- Signed-off-by: Ludovic Ortega Co-authored-by: sudo-kraken --- docs/getting-started/docker.mdx | 6 +- ...ges.mdx => verifying-signed-artifacts.mdx} | 79 ++++++++++--------- 2 files changed, 47 insertions(+), 38 deletions(-) rename docs/using-jellyseerr/advanced/{verifying-signed-images.mdx => verifying-signed-artifacts.mdx} (86%) diff --git a/docs/getting-started/docker.mdx b/docs/getting-started/docker.mdx index acc6257aa..7efb5a2de 100644 --- a/docs/getting-started/docker.mdx +++ b/docs/getting-started/docker.mdx @@ -11,6 +11,10 @@ Details on how to install Docker can be found on the [official Docker website](h Refer to [Configuring Databases](/extending-jellyseerr/database-config#postgresql-options) for details on how to configure your database. ::: +:::info +An alternative Docker image is available on Docker Hub for this project. You can find it at [Docker Hub Repository Link](https://hub.docker.com/r/seerr/seerr) +::: + ## Unix (Linux, macOS) :::warning Be sure to replace `/path/to/appdata/config` in the below examples with a valid host directory path. If this volume mount is not configured correctly, your Jellyseerr settings/data will not be persisted when the container is recreated (e.g., when updating the image or rebooting your machine). 
@@ -71,7 +75,7 @@ docker run -d ... :::info All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/). -To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Images](/using-jellyseerr/advanced/verifying-signed-images) guide. +To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-jellyseerr/advanced/verifying-signed-artifacts) guide. ::: :::tip diff --git a/docs/using-jellyseerr/advanced/verifying-signed-images.mdx b/docs/using-jellyseerr/advanced/verifying-signed-artifacts.mdx similarity index 86% rename from docs/using-jellyseerr/advanced/verifying-signed-images.mdx rename to docs/using-jellyseerr/advanced/verifying-signed-artifacts.mdx index 5ebc40643..c706fcab9 100644 --- a/docs/using-jellyseerr/advanced/verifying-signed-images.mdx +++ b/docs/using-jellyseerr/advanced/verifying-signed-artifacts.mdx 
@@ -1,13 +1,37 @@ --- -id: verifying-signed-images -title: Verifying Signed Images -sidebar_label: Verify Signed Images -description: Learn how to verify Seerr's signed container images and SBOM attestations using Cosign, Docker, Podman, or Skopeo. +id: verifying-signed-artifacts +title: Verifying Signed Artifacts +sidebar_label: Verify Signed Artifacts +description: Learn how to verify Seerr's signed artifacts and SBOM attestations. --- import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem'; +# Verifying Signed Artifacts + +These artifacts are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/): +- Container images + +This ensures that the images you pull are authentic, tamper-proof, and built by the official Seerr release pipeline. + +Additionally each container image also includes a CycloneDX SBOM (Software Bill of Materials) attestation, generated with [Trivy](https://aquasecurity.github.io/trivy/), providing transparency about all dependencies included in the image. + +--- + +## Prerequisites + +You will need the following tools installed: + +- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/) + +To verify images: + +- [Docker](https://docs.docker.com/get-docker/) **or** +- [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md)) + +--- + # Verifying Signed Images All Seerr container images published to GitHub Container Registry (GHCR) are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/). 
@@ -17,42 +41,23 @@ Each image also includes a CycloneDX SBOM (Software Bill of Materials) attestati --- -## Prerequisites - -You will need the following tools installed: - -- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/) -- [Docker](https://docs.docker.com/get-docker/) **or** -- [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md)) - -```bash -cosign version -``` - -If using **Podman**, ensure `skopeo` is available: - -```bash -skopeo --version -``` - ---- - -## Image Locations +### Image Locations Official Seerr images are available from: - GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr:` +- Docker Hub: `seerr/seerr:` You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/releases). --- -## Verifying a Specific Release Tag +### Verifying a Specific Release Tag Each tagged release (for example `v2.7.4`) is immutable and cryptographically signed. Verification should always be performed using the image digest (SHA256). -### Retrieve the Image Digest +#### Retrieve the Image Digest @@ -78,7 +83,7 @@ sha256:abcd1234... --- -### Verify the Image Signature +#### Verify the Image Signature @@ -112,14 +117,14 @@ The following checks were performed: --- -## Verifying the `latest` Tag +### Verifying the `latest` Tag :::warning Latest Tag Warning The `latest` tag is **mutable**, meaning it will change with each new release. Always verify the digest that `latest` currently points to. ::: -### Retrieve the Digest for `latest` +#### Retrieve the Digest for `latest` @@ -143,7 +148,7 @@ Example output: sha256:abcd1234... ``` -### Verify the Signature +#### Verify the Signature 
@@ -171,11 +176,11 @@ The wildcard `v.*` ensures verification works for any versioned release that `la --- -## Verifying SBOM Attestations +### Verifying SBOM Attestations Each image includes a CycloneDX SBOM attestation. -### Verify the Attestation +#### Verify the Attestation ```bash cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \ @@ -193,7 +198,7 @@ The following checks were performed: - Certificate issued by Fulcio to the expected workflow identity ::: -### Extract the SBOM for Inspection +#### Extract the SBOM for Inspection ```bash cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \ @@ -206,7 +211,7 @@ You can open `sbom.json` in a CycloneDX viewer or analyse it with [Trivy](https: --- -## Expected Certificate Identity +### Expected Certificate Identity The expected certificate identity for all signed Seerr images is: @@ -222,7 +227,7 @@ This confirms that the image was: --- -## Troubleshooting +### Troubleshooting | Issue | Likely Cause | Suggested Fix | |-------|---------------|----------------| @@ -233,7 +238,7 @@ This confirms that the image was: --- -## Example: Full Verification Flow +### Example: Full Verification Flow
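Review bot: In the docs/getting-started/docker.mdx hunk at @@ -11,6 +11,10, the new `:::info` block uses the placeholder link text `[Docker Hub Repository Link]` and does not say whether the Docker Hub image is the same signed build as the GHCR one. Suggest naming the repository in the link text, for example `[seerr/seerr](https://hub.docker.com/r/seerr/seerr)`, ending the sentence with a period, and pointing readers to the Verifying Signed Artifacts guide so anyone pulling from Docker Hub knows how to check what they pulled.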
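Review bot: In the docs/getting-started/docker.mdx hunk at @@ -71,7 +75,7, the link moves to `/using-jellyseerr/advanced/verifying-signed-artifacts` because the page is renamed and its `id` changes, so the old `/using-jellyseerr/advanced/verifying-signed-images` URL stops resolving for bookmarks and external links. Suggest adding a redirect from the old path, and checking the rest of the docs for references to the old slug, since this patch touches only these two files.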
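Review bot: In the verifying-signed-artifacts.mdx hunk at @@ -1,13 +1,37, the new `# Verifying Signed Artifacts` heading is added while the context line `# Verifying Signed Images` stays at H1, so the page ends up with two top-level headings even though the later hunks demote its subsections to `###` and `####`. Suggest changing it to `## Verifying Signed Images`. In the same hunk, "tamper-proof" overstates what a signature provides; "tamper-evident" is the accurate term, since verification detects modification rather than preventing it. "Additionally each container image also includes" can drop either "Additionally" or "also".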
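Review bot: In the verifying-signed-artifacts.mdx hunk at @@ -17,42 +41,23, the Docker Hub entry `seerr/seerr:` is added under Image Locations, but the section intro still says only that images "published to GitHub Container Registry (GHCR)" are signed, and every `cosign verify-attestation` command visible in this patch targets `ghcr.io/seerr-team/seerr@sha256:...`. Suggest stating explicitly whether the Docker Hub images carry the same Cosign signature and SBOM attestation, and if they do, showing the Docker Hub reference form in the examples. This hunk also removes the `cosign version` and `skopeo --version` checks from Prerequisites; consider keeping them as a quick confirmation that the tools are installed before the verification steps.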