docs: add note about container image to intro

fmoessbauer · fmoessbauer · commit d5075765665d · 2025-09-30T13:52:03.000+02:00
Signed-off-by: Felix Moessbauer &lt;felix.moessbauer@siemens.com&gt;
diff --git a/docs/source/examples.rst b/docs/source/examples.rst
@@ -53,6 +53,14 @@ It is also possible to download multiple packages by name, version and architect
     guestfs-tools 1.52.3-1 source
     EOF
 
+Alternatively, the download can be executed from the container image:
+
+.. code-block:: bash
+
+    echo "guestfs-tools 1.52.3-1 source" | \
+    docker run -v$(pwd)/downloads:/mnt/downloads -i ghcr.io/siemens/debsbom:latest \
+        debsbom download --outdir /mnt/downloads --sources
+
 Merge Source Packages
 ~~~~~~~~~~~~~~~~~~~~~
 
diff --git a/docs/source/intro.rst b/docs/source/intro.rst
@@ -76,6 +76,14 @@ Their relationship is expressed with the ``GENERATES`` relation.
 For packages that are marked as ``Built-Using`` in the dpkg status file, we use the ``GENERATED_FROM`` relation.
 This expresses the same semantic in SPDX, but this way it can still be identified if it is a proper source/binary relationship or a built-using one.
 
+Container Image
+---------------
+
+The ``debsbom`` tool is available as a container image at ``ghcr.io/siemens/debsbom:<latest|tag>``.
+It runs as root inside the container, allowing mounted directories (e.g., the download directory) to be owned by the invoking user in rootless environments, simplifying CI usage.
+
+The container image is built in a bit‑for‑bit reproducible manner.
+This can be verified by forking the repository, executing the CI pipeline, and comparing the hashes of the resulting container manifest.
 
 Limitations
 -----------
