Mirantis Secure Registry

Secure Software Supply Chain

Mirantis Secure Registry (formerly Docker Trusted Registry) provides an enterprise grade container registry solution that can be easily integrated to provide the core of an effective secure software supply chain.

Image scanning & signing

Secure software supply chain

Image sharing


Secure Containers Everywhere

Security is often an afterthought during application development and lifecycle management. Images can contain vulnerabilities, putting your cloud native environments at risk. With Mirantis Secure Registry — part of Mirantis Container Cloud — you can securely store, share and manage images in your own private container registry to automate the security of your software supply chain. Trust the provenance and content of your applications and ensure a secure separation of concerns with Mirantis Secure Registry. Our comprehensive, built-in security enables you to verify and trust the automated operations and integration with CI/CD to speed up application testing and delivery.

MCC video thumb
VIDEO: Preventing Cyber Attacks With Trusted Image Registries

Automated Security for Cloud Native Environments

Secure artifacts with policies and role-based access control to ensure your container images are scanned and free from vulnerabilities.

Seamlessly Share Any Application, Anywhere

Improve DevOps collaboration while maintaining clear boundaries. Create and push multi-service applications and images and make them accessible within your company.

Promote and Distribute Your Images to Where You Need Them

Automatically promote images from testing to production in a controlled way, ensuring that they meet the security minimums that you define, then mirror containerized content to distributed teams with policy-based controls.

Automate Your Development-to-Production Pipeline

Integrate Mirantis Secure Registry to your development pipeline with webhooks. Policy-based promotion automates compliance checks to secure your application supply chain.

Key Features & Capabilities


Access control

Integrate with internal user directories to implement fine-grained access policies in Mirantis Secure Registry. Multiple repositories can be linked to provide a separation of duties from development through production.


Image scanning

Get unprecedented insight into the software and libraries your organization is using and your exposure to known security threats. With this optional feature of Mirantis Container Cloud, images are scanned at the binary level, then correlated with a regularly updated CVE vulnerability database.


Image signing

Mirantis Secure Registry uses Notary’s implementation of the TUF spec (the same technology that’s behind Docker Content Trust) to digitally sign and verify both the contents and publisher of images. Developers and CI tools can apply signatures so downstream users and automation tools can verify image authenticity before running.


Caching and mirroring

Distributed teams and production environments require images to be available in multiple sites. Container image repositories can be mirrored and cached, putting images right where they are needed and avoiding network bottlenecks.


Image lifecycle

Container images may be lightweight, but that does not mean you want to store every image your team or CI tool creates forever. Automatically clean up images based on policy controls such as the date of the last update or the number of recent images you want to keep.


Policy-based image promotion

Streamline your development and delivery pipeline and enforce security controls with promotion policies that automatically gate images, ensuring only approved content makes its way to production.

Get started with Mirantis Secure Registry

Mirantis Secure Registry is included with Mirantis Container Cloud, the only platform you need to simplify cloud native infrastructure management from the data center to the edge, at scale.

image thumbnail



What is required to implement a secure software supply chain?


To implement a secure software supply chain, you need to be able to verify and scan application code, vendor libraries and tools, and upstream libraries and tools at each stage of the image building process. Once images have been built, they need to be verified and securely stored and signed. Finally, you need to ensure that only approved and approved images can be executed in your environment. Mirantis Secure Registry can help automate these tasks and simplify the process of implementing a secure software supply chain.


Can I easily integrate MSR into my CI/CD workflow, or do I have to adopt a Mirantis-specific model?


The Mirantis Secure Registry can readily be integrated into your specific CI/CD workflow. It does not impose a specific workflow or process on your environment.


Who is able to set the access policies for the secure registry?


A Mirantis Secure Registry Administrator can create users, teams and organizations, and define permissions for all of those.


How do I deploy applications with Mirantis Secure Registry?


Users can pull images directly from Mirantis Secure Registry or pull applications using Helm charts.


What versions of Helm are supported?


Mirantis Secure Registry supports both Helm v2 & v3.