How Mirantis Secure Registry Protects Your Deployments Across the Software Lifecycle

Eric Gregory - January 4, 2022

The increasing complexity of the software supply chain — and the interdependence of countless technologies for almost any solution — have made it clear that security is paramount at every stage of the software development lifecycle. Whether the security threat is a long-game attack planting malware on public registries or a severe vulnerability uncovered in commonplace open source libraries, a perimeter-based security approach is no longer an option. Organizations need dev tooling built for both DevOps workflows and modern security realities.

Mirantis Secure Registry provides a container registry solution that protects your deployments at every step — from whiteboarding to prototype to production and beyond. In this article, we’ll take a look at what a container registry does, why it’s so important for security, and what makes Mirantis Secure Registry unique.

What is a container registry?

Container registries are repositories for container images — standalone packages of software that can be executed by container engines to quickly build and run applications and all of their dependencies. Container images can serve as templates or prefabricated building blocks: if a developer needs a basic HTTP server as a foundation for her project, she can download an image from a registry near-instantaneously. Moreover, the registry can serve as a single source of truth for an application: the most recent version, ready for use and distribution.

Registries are often run by organizations involved in cloud technology (such as Docker, Google, or Amazon), and they can be public or private:

  • Public registries allow users to freely download and upload container images. This makes them powerful learning tools, but introduces security risks that make public registries unsuitable resources for enterprises. Docker Hub is among the most popular public registries.
  • Private registries may be hosted in-house or by an external provider, but either way, they introduce measures allowing for privacy, security, and governance, such as role-based access control and image-scanning. Private registries allow users to inspect their container “inventory” and control exactly who interacts with it and how.

It’s not hard to see how private registries create a more secure container environment — and therefore a more secure software supply chain. But the sheer scope of the security risk in public container images can be eye-opening. After scanning 4 million Docker Hub images, a security firm found that 51% contained vulnerabilities open to exploitation.

Whether meeting regulatory compliance obligations or hardening the supply chain, enterprises require a reliable private repository like Mirantis Secure Registry (MSR).

Why use Mirantis Secure Registry?

Mirantis Secure Registry is designed not just to meet the security and compliance requirements of enterprises, but to simplify and accelerate workflows. It provides:

  • Role-based access control (RBAC). Mirantis Secure Registry can synchronize with user directories to define registry access across an organization, securing the supply chain, organizing according to responsibilities, and making governance easy.
  • Image scanning. The Log4Shell vulnerability highlighted the importance of understanding the full stack of components in your software. Mirantis Secure Registry scans containers — and all their constituent parts — against a regularly updated vulnerability database, and can incorporate these scans into automated CI/CD processes.
  • Runs on Kubernetes. As of version 3.0.0, Mirantis Secure Registry runs alongside any other apps in any standard distribution of Kubernetes 1.20 or higher. That means you can use it with your vendor or platform of choice — all you need is Kubernetes.
  • Image signing. Mirantis Secure Registry digitally signs and verifies images’ contents and publishers, making it easy to build workflows that validate authenticity before running an image.
  • Policy-based image promotion. CI/CD is simplified with a policy system that regulates the promotion of images from stage to stage.


As the software supply chain grows more complex, holistic approaches to security are more important than ever, and they create the opportunity to streamline development and delivery. For enterprises leveraging containers, Mirantis Secure Registry provides an essential tool to organize, accelerate, and secure workflows across the software lifecycle.

Need a secure registry solution? Try Mirantis Secure Registry for free today.
