MIRANTIS SECURE REGISTRY

Your private, cloud native hub for container images.

Software supply chain attacks paralyze businesses—often introducing malicious container images early in the development pipeline. Public container registries are rife with corrupted images. How can you keep development moving forward swiftly and securely?

Mirantis Secure Registry provides an enterprise-grade, Docker-trusted, private container registry solution that can be easily integrated to provide the core of an effective secure software supply chain.

Enterprise-grade security

Centralize control for container images: Store, share, and manage images from a secure Docker registry under your control, enabling developers to use and run only approved images.

Protect and verify: Scan images against a continuously updated vulnerability database, and validate with cryptographic signing.

Secure and accelerate CI/CD workflows: Automatically promote images from test to prod for a secure, efficient software pipeline—all while maintaining policy-based controls.

How it works

Public container registries are hosted out in the open, while many private registries operate from providers’ clouds. Mirantis Secure Registry works where you need it—including on your clusters themselves, putting you back in control.

Mirantis Secure Registry is an enterprise-grade container registry that can be easily integrated with standard Kubernetes distributions to provide the core of an effective secure software supply chain:

Repositories can be configured for automated scanning.

Spot vulnerable images at a glance.

Role-based access control

Integrate with internal user directories to implement fine-grained access policies. Synchronize multiple repositories for separation of concerns from development through production.

Image scanning

Continuously scan images at the binary level and check against a regularly updated CVE vulnerability database.

Image signing

Developers and CI tools can digitally sign contents and publishers of images, so downstream users and automation tools can verify image authenticity before running.

Caching and mirroring

Mirror and cache container image repositories to avoid network bottlenecks and make images available across multiple sites for distributed teams and production environments.

Image lifecycle

Automatically clean up images based on policy controls such as the date of the last update or the number of recent images you want to keep.

Policy-based image promotion

Streamline your development and delivery pipeline and enforce security controls with promotion policies that automatically gate images, ensuring only approved content makes its way to production.

OpsCare: 24/7 Enterprise Support

24x7x365 Always On Support

30 min initial response time for Severity 1 incidents

ISO 27001, ISO 9001, ISO 14001 certified

Get started with Mirantis Secure Registry

Want to learn more—or experience Mirantis Container Registry for yourself?

DATASHEET:

Mirantis Secure Registry Datasheet

Check out Mirantis Container Runtime on Linux or Windows.

CHECKLIST:

Kubernetes Enterprise Security Checklist

Kubernetes and cloud applications let complex systems run reliably in unreliable environments.

DOCUMENTATION:

Mirantis Secure Registry Docs

Explore the Mirantis Secure Registry Reference Architecture, Installation Guide, Operations Guide, API Reference, and other docs to get all the technical details.

Your private container registry, solved

Mirantis Secure Registry drives software supply chain security across our cloud native stack. It integrates closely with Mirantis Container Runtime, which is FIPS 140-2 conformant and uses a cryptographic module validated by the National Institute of Standards and Technology (NIST).

Mirantis Secure Registry can be one component of a transformative ZeroOps strategy, enabling you to reduce costs and accelerate development. Explore how you can build on your runtime to create a complete ZeroOps stack:

Mirantis Container Runtime

Secure, industry-standard container runtime—Docker interface included. The keystone of a secure software supply chain, integrating tightly with Mirantis Secure Registry.

DevOps-as-a-Service

Accelerate development with cloud native DevOps-as-a-service—bringing automation and cloud native expertise together to deliver guaranteed outcomes.

LET’S TALK

Contact us to learn how Mirantis can accelerate your cloud initiatives.

Frequently Asked Questions About Container Registries

Q: What should I look for in a container registry?

A: When selecting a container registry, it is helpful to consider the following factors:

  • Integration with Existing Workflows: A registry that integrates with current development, continuous integration, and deployment pipelines will streamline operations and enhance productivity.

  • Security and Compliance Features: Security capabilities such as image scanning for vulnerabilities, access control mechanisms, policy enforcement, and image signing ensure the safety of container images. Detailed event logs are also essential for compliance audits.

  • Scalability and Reliability: A registry that offers high availability and can scale with application growth is vital for enterprise operations; focus on features like cross-region replication and reliable uptime in order to maintain consistent performance.

  • Support for Multiple Artifact Types: If your projects involve various artifact types beyond container images, a registry that also supports Helm charts, SBOMs, signatures and other formats can help centralize your artifact management.


Q: What is a private container registry?

A: A private container registry is a specialized storage system that allows organizations to securely store, manage, and distribute container images. Unlike public registries, which are accessible to anyone, private container registries only allow access to authorized users. A private container registry is essential for maintaining a secure software supply chain, as it helps control access to container images and reduce the risk of unauthorized modifications or exposure.


Q: What are the benefits of using a private container registry?

A: Using a private container registry offers the following benefits:

  • Enhanced Security: Private container registries keep sensitive or proprietary images private and secure with robust security features such as role-based access control (RBAC), vulnerability scanning, and integration with enterprise IAM systems. This minimizes the risk of unauthorized access or tampering and allows full control over who can access, push, or pull container images.

  • Compliance and Governance: Private container registries often offer features that can help in meeting compliance requirements, such as data storage within specific geographic regions. 

  • High Availability: Private container registries are designed to ensure that container images are accessible when needed, which is essential for maintaining the reliability of the deployment process. Storing images closer to your infrastructure or within your own network reduces latency while allowing for more reliable access during disruptions.

  • Customization and Control: Private container registries allow you to customize storage, access policies, retention rules, and integrations to fit your organization’s workflow and infrastructure.

Q: How do I host a private container registry?

A: Setting up a self-hosted container registry allows organizations to securely manage and store container images on-premises or in their own cloud infrastructure. Here’s how to get started:

  1. Choose a Private Container Registry Solution: Select a self-hosted container registry solution that aligns with your needs. There are both open-source options and enterprise options (e.g., Mirantis Secure Registry) that can be deployed on an organization’s servers.

  2. Set Up the Private Container Registry: Deploy the chosen registry solution on a server within your network; this involves configuring the registry’s storage, setting up network access controls, and ensuring that only authorized users can access the repository.

  3. Secure the Private Container Registry: Implement security measures such as enabling HTTPS to encrypt data transmitted to and from the registry. Utilize authentication mechanisms to restrict access, ensuring that only authorized personnel can push or pull images.

  4. Integrate with Your Development Workflow: Configure your development and deployment tools to interact with your private container registry. This includes setting up authentication credentials and specifying the registry’s address in your container management configurations.

  5. Maintain and Monitor the Private Container Registry: Regularly update your private container registry software to patch vulnerabilities. Monitor usage logs and set up alerts for any unauthorized access attempts. Implement backup strategies to prevent data loss.


Q: What is the difference between a public and private registry in Docker?

A: The primary distinction between a public and private Docker registry lies in their accessibility and security; public Docker registries like Docker Hub are open to anyone, while private Docker registries are hosted in a private environment and have restricted access. This means that public registries are ideal for sharing open-source projects and publicly available applications, since any user can push and pull container images. Private registries, on the other hand, are critical for organizations that require security and compliance.