Every self-hosted service you run was built by someone you've never met, packaged by someone else, distributed by a registry that accepts anything. Flareo fixes the middle of that chain — build, scan, sign, attest, publish — so the leap of faith shrinks to just the code review you were already going to do.
The first container I pulled and actually thought about was jc21/nginx-proxy-manager. I was setting up a home lab. The README said one docker run command, the container started, the admin panel loaded, and I pointed it at my domain. It worked. And then I sat there for a minute wondering: who actually built this, and what's inside it?
The maintainer could answer the first question. The second was harder. The image on Docker Hub was tagged :latest and would silently change under me. There was no SBOM. The CVE situation was anyone's guess. The image claimed to be signed, but the signing used Docker Content Trust, which nobody verifies and nobody checks. I was trusting a community reputation score. For a production service in my house, that felt wrong.
Flareo exists because the gap between "the source code is open" and "the container you're about to run has been verified" is bigger than it should be. Chainguard solves this for enterprises with six-figure budgets. Linuxserver.io has an enormous self-hosted catalog but no cryptographic guarantees. Homegrown pipelines work if you have a platform team. There was no option for individual operators who wanted both supply-chain rigor and bring-your-own-box freedom.
That constraint — we never sit in the runtime path — is what lets us say things other platforms can't. If we shut down tomorrow, your deployment keeps running. Nothing phones home. The signatures we produce are verified against public Sigstore infrastructure we don't operate, so you can bypass our tools entirely and reach the same conclusion.
We're in public beta. The platform runs on two Hetzner VPSes in Falkenstein, about €28 a month. We've shipped 12 verified modules so far. The pipeline handles 41 builds per 7-day window. Median stage latency is 340ms. We had one 37-minute degraded-scan incident in the last 30 days, documented in full on the status page. That's the whole company, basically.
When billing starts in September 2026, individual operators stay free forever. Pro is $19 per month with no seat tax. Enterprise is $99 per month with SSO and audit log export. We'll give 30 days of notice before the first invoice, and you can self-host the entire platform under AGPLv3 if you'd rather skip us entirely.
There's no venture capital. There's no exit strategy. There's a platform, a changelog, a status page, and the belief that verification infrastructure for small operators is a category that ought to exist and doesn't yet. If that maps to a problem you have, browse the catalog or verify a module yourself. If it doesn't, the Compare page will point you at whichever of our competitors fits you better.
I'm [FOUNDER NAME] — the one who pulled jc21/nginx-proxy-manager that night and couldn't stop thinking about who built what was running in my house. I built the first version of Flareo over the winter of 2025, working from a small flat in the EU with one collaborator, on Hetzner hardware, in TypeScript, because that's the seam I knew well.
I'm the only person who reads every reviewer decision, every takedown request, every report filed against a module. If you write to hello@flareo.dev, I read it. If you find a bug at /security, I'm the one who acknowledges it within 24 hours. That changes when the team grows past two people; until then, this is what "independent" means in practice.
No board. No investors. No exit. Just a platform that I'd want to use myself, and a small group of early operators who've been generous with feedback. Thank you, especially, to the publishers who trusted us with the first 12 modules.
Defining scope by what we do is half the picture. The other half is being clear about what we don't do, so visitors don't arrive with the wrong expectations and leave disappointed. Five things Flareo is not, in plain language.
We don't run your deployments. After you take away the compose file, your container runs on your infrastructure — your VPS, your Kubernetes cluster, your homelab. If you want managed hosting, look at Railway / Fly / Vercel.
We don't run your tests, gate your PRs, or deploy your application code. The pipeline you see runs once at submission and again daily as a canary. If you want CI/CD, that's GitHub Actions / GitLab CI / Buildkite territory.
We're upstream of Kubernetes. The image we publish is what you might use as the basis of a Kubernetes Deployment. The cluster orchestration is your problem (or your distribution's) — k3s, Talos, EKS, whatever.
Docker Hub stores millions of images of which we package roughly a dozen. If you need raw image storage with massive catalog, Docker Hub is the right tool. We're the verification + preview + takeaway layer that sits beside it, not the storage layer that competes with it.
Our pipeline produces auditable artifacts that compliance teams find useful (SBOM, SLSA provenance, signature chain). But we're not selling SOC 2 attestations, FedRAMP authorization, or a managed compliance posture. Those are the businesses of Sysdig, Snyk, Palo Alto. We do the verification; consuming the verification for a compliance program is your call.
Verification establishes provenance and known vulnerability posture. It does not establish that the code is benign. A determined attacker who controls upstream can produce a 'verified' Flareo module. What we give you is the ability to react fast — see the FAQ for detail on this.
see FAQ →Defining scope negatively clarifies positioning and reduces the mismatched-expectation conversations that drain support time. Counterintuitively, saying clearly "we don't do X" is one of the stronger signals you can give a sophisticated audience.