How Mirantis Secure Registry Protects Your Deployments Across the Software Lifecycle

Eric Gregory - January 4, 2022 - , , , ,

The increasing complexity of the software supply chain — and the interdependence of countless technologies for almost any solution — have made it clear that security is paramount at every stage of the software development lifecycle. Whether the security threat is a long-game attack planting malware on public registries or a severe vulnerability uncovered in commonplace open source libraries, a perimeter-based security approach is no longer an option. Organizations need dev tooling built for both DevOps workflows and modern security realities.

Mirantis Secure Registry provides a container registry solution that protects your deployments at every step — from whiteboarding to prototype to production and beyond. In this article, we’ll take a look at what a container registry does, why it’s so important for security, and what makes Mirantis Secure Registry unique.

What is a container registry?

Container registries are repositories for container images — standalone packages of software that can be executed by container engines to quickly build and run applications and all of their dependencies. Container images can serve as templates or prefabricated building blocks: if a developer needs a basic HTTP server as a foundation for her project, she can download an image from a registry near-instantaneously. Moreover, the registry can serve as a single source of truth for an application: the most recent version, ready for use and distribution.

Registries are often run by organizations involved in cloud technology (such as Docker, Google, or Amazon), and they can be public or private:

  • Public registries allow users to freely download and upload container images. This makes them powerful learning tools, but introduces security risks that make public registries unsuitable resources for enterprises. Docker Hub is among the most popular public registries.
  • Private registries may be hosted in-house or by an external provider, but either way, they introduce measures allowing for privacy, security, and governance, such as role-based access control and image-scanning. Private registries allow users to inspect their container “inventory” and control exactly who interacts with it and how.

It’s not hard to see how private registries create a more secure container environment — and therefore a more secure software supply chain. But the sheer scope of the security risk in public container images can be eye-opening. After scanning 4 million Docker Hub images, a security firm found that 51% contained vulnerabilities open to exploitation.

Whether meeting regulatory compliance obligations or hardening the supply chain, enterprises require a reliable private repository like Mirantis Secure Registry (MSR).

Why use Mirantis Secure Registry?

Mirantis Secure Registry is designed not just to meet the security and compliance requirements of enterprises, but to simplify and accelerate workflows. It provides:

  • Role-based access control (RBAC). Mirantis Secure Registry can synchronize with user directories to define registry access across an organization, securing the supply chain, organizing according to responsibilities, and making governance easy.
  • Image scanning. The Log4Shell vulnerability highlighted the importance of understanding the full stack of components in your software. Mirantis Secure Registry scans containers — and all their constituent parts — against a regularly updated vulnerability database, and can incorporate these scans into automated CI/CD processes.
  • Runs on Kubernetes. As of version 3.0.0, Mirantis Secure Registry runs alongside any other apps in any standard distribution of Kubernetes 1.20 or higher. That means you can use it with your vendor or platform of choice — all you need is Kubernetes.
  • Image signing. Mirantis Secure Registry digitally signs and verifies images’ contents and publishers, making it easy to build workflows that validate authenticity before running an image.
  • Policy-based image promotion. CI/CD is simplified with a policy system that regulates the promotion of images from stage to stage.

Conclusion

As the software supply chain grows more complex, holistic approaches to security are more important than ever — and creates the opportunity to streamline development and delivery. For enterprises leveraging containers, Mirantis Secure Registry provides an essential tool to organize, accelerate, and secure workflows across the software lifecycle.

Need a secure registry solution? Try Mirantis Secure Registry for free today.

banner-img
test
tst
tst
Cloud Native 5 Minutes at a Time: Creating, Observing, and Deleting Containers

One of the biggest challenges for implementing cloud native technologies is learning the fundamentals — especially when you need to fit your learning in a busy schedule. In this series, we’ll break down core cloud native concepts, challenges, and best practices into short, manageable exercises and explainers, so you can learn five minutes at a time. These lessons assume a basic …

Cloud Native 5 Minutes at a Time: Creating, Observing, and Deleting Containers
Cloud Native 5 Minutes at a Time: What is a Container?

One of the biggest challenges for implementing cloud native technologies is learning the fundamentals — especially when you need to fit your learning in a busy schedule. In this series, we’ll break down core cloud native concepts, challenges, and best practices into short, manageable exercises and explainers, so you can learn five minutes at a time. These lessons assume a basic …

Cloud Native 5 Minutes at a Time: What is a Container?
Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc.)

Note: this blog post was originally published by Avinash Desireddy on Medium. You can view the original post here. Docker Containers, Kubernetes, CNCF, and many other relevant projects completely changed how we package, ship, and run applications. As you all know, Kubernetes has become a defacto standard for running applications. At the same time, container registries and chart repositories play a …

Deploy Mirantis Secure Registry on any Kubernetes (Minikube, EKS, GKE, K0S, etc.)
FREE EBOOK!
Service Mesh for Mere Mortals
A Guide to Istio and How to Use Service Mesh Platforms
DOWNLOAD
Technical training
Learn Kubernetes & OpenStack from Deployment Experts
Prep for certification!
View schedule
Mirantis Webstore
Purchase Kubernetes support
SHOP NOW