Mirantis acquires amazee.io, the only ZeroOps Application Delivery Hub.   Read Blog Post  |  View Press Release  |  Visit amazee.io

How Mirantis Secure Registry Protects Your Deployments Across the Software Lifecycle

image

The increasing complexity of the software supply chain — and the interdependence of countless technologies for almost any solution — have made it clear that security is paramount at every stage of the software development lifecycle. Whether the security threat is a long-game attack planting malware on public registries or a severe vulnerability uncovered in commonplace open source libraries, a perimeter-based security approach is no longer an option. Organizations need dev tooling built for both DevOps workflows and modern security realities.

Mirantis Secure Registry provides a container registry solution that protects your deployments at every step — from whiteboarding to prototype to production and beyond. In this article, we’ll take a look at what a container registry does, why it’s so important for security, and what makes Mirantis Secure Registry unique.

What is a container registry?

Container registries are repositories for container images — standalone packages of software that can be executed by container engines to quickly build and run applications and all of their dependencies. Container images can serve as templates or prefabricated building blocks: if a developer needs a basic HTTP server as a foundation for her project, she can download an image from a registry near-instantaneously. Moreover, the registry can serve as a single source of truth for an application: the most recent version, ready for use and distribution.

Registries are often run by organizations involved in cloud technology (such as Docker, Google, or Amazon), and they can be public or private:

  • Public registries allow users to freely download and upload container images. This makes them powerful learning tools, but introduces security risks that make public registries unsuitable resources for enterprises. Docker Hub is among the most popular public registries.
  • Private registries may be hosted in-house or by an external provider, but either way, they introduce measures allowing for privacy, security, and governance, such as role-based access control and image-scanning. Private registries allow users to inspect their container “inventory” and control exactly who interacts with it and how.

It’s not hard to see how private registries create a more secure container environment — and therefore a more secure software supply chain. But the sheer scope of the security risk in public container images can be eye-opening. After scanning 4 million Docker Hub images, a security firm found that 51% contained vulnerabilities open to exploitation.

Whether meeting regulatory compliance obligations or hardening the supply chain, enterprises require a reliable private repository like Mirantis Secure Registry (MSR).

Why use Mirantis Secure Registry?

Mirantis Secure Registry is designed not just to meet the security and compliance requirements of enterprises, but to simplify and accelerate workflows. It provides:

  • Role-based access control (RBAC). Mirantis Secure Registry can synchronize with user directories to define registry access across an organization, securing the supply chain, organizing according to responsibilities, and making governance easy.
  • Image scanning. The Log4Shell vulnerability highlighted the importance of understanding the full stack of components in your software. Mirantis Secure Registry scans containers — and all their constituent parts — against a regularly updated vulnerability database, and can incorporate these scans into automated CI/CD processes.
  • Runs on Kubernetes. As of version 3.0.0, Mirantis Secure Registry runs alongside any other apps in any standard distribution of Kubernetes 1.20 or higher. That means you can use it with your vendor or platform of choice — all you need is Kubernetes.
  • Image signing. Mirantis Secure Registry digitally signs and verifies images’ contents and publishers, making it easy to build workflows that validate authenticity before running an image.
  • Policy-based image promotion. CI/CD is simplified with a policy system that regulates the promotion of images from stage to stage.

Conclusion

As the software supply chain grows more complex, holistic approaches to security are more important than ever — and creates the opportunity to streamline development and delivery. For enterprises leveraging containers, Mirantis Secure Registry provides an essential tool to organize, accelerate, and secure workflows across the software lifecycle.

Need a secure registry solution? Try Mirantis Secure Registry for free today.