Mirantis has entered into an agreement to be acquired by IREN. A message from our CEO

MIRANTIS SECURE REGISTRY

Your private, cloud native hub for container images.

Software supply chain attacks paralyze businesses — often introducing malicious container images early in the development pipeline. Public container registries are rife with corrupted images. As organizations scale their use of containers across multiple teams, clusters, and clouds, how can they keep development moving forward swiftly and securely?

Mirantis Secure Registry (MSR) provides an enterprise-grade, policy-driven, private container registry solution that can be easily integrated to provide image storage and control and a critical system of record for secure software supply chains. MSR is built on Harbor, the CNCF-graduated, open-source registry trusted by enterprises worldwide. Harbor combines a rich feature set, including RBAC, image signing, CVE scanning, and OCI artifact support, with proven scalability and extensibility. With MSR, we’ve taken Harbor upstream and added rigorous testing and validation, 24x7 enterprise support, and long-term maintenance, making it a safe and strategic choice for organizations seeking to secure and operationalize their container workflows. MSR is the number one CNCF Registry for Kubernetes, and Docker and Podman compatible.

TRY IT FREE

BUY NOW

MSR features OCI-compatible mirroring to any public or private cloud registry.

Why enterprises prefer Mirantis for Harbor

When you choose Mirantis Secure Registry, you’re not just adopting Harbor; you’re gaining a production-hardened, fully supported container registry platform, maintained by professionals who live and breathe Harbor every day.

Each release of MSR is tested and validated across a comprehensive matrix of infrastructure configurations, operating systems, and Kubernetes distributions. Mirantis ensures that your registry performs consistently by supporting core Harbor services and key middleware components.

Additionally, Mirantis provides:

Extensive Testing and validation: Release offerings have been thoroughly tested and documented to prevent issues in middleware and operating system components beyond Harbor

Support & Professional Services: 8x5 or 24x7 support for Harbor, plus turnkey professional services to help organizations attain the highest level of service for their environment

Dedicated Harbor development team: Experts focused on delivering bug fixes, CVE security updates, middleware updates, and more

Extensive documentation: In-depth guidance that covers nearly every scenario for deploying and managing MSR, with deep dives into complex topics such as HA installs with Helm

CNCF Harbor community participation: Contributions to influence and align with industry standards, participation in maintainer calls, along with sponsorship of CNCF events related to Harbor

Prescriptive migration support: Clear paths from legacy registries, including earlier MSR versions, to simplify transitions

How it works

Public container registries are hosted out in the open, while many private registries operate from providers’ clouds. Mirantis Secure Registry works where you need it, including on your clusters themselves, putting you back in control. Whether deployed on-prem, in public cloud, or across hybrid environments, MSR is engineered for resiliency and operational continuity, with built-in support for high availability, mirroring, and backups.

Mirantis Secure Registry is an enterprise-grade container registry that can be easily integrated with standard Kubernetes distributions and enables modern DevSecOps practices with built-in tools to secure and verify the integrity of your container workloads.

Projects page lists repositories and reports usage trends, storage consumption, and repository activity.

Interrogation Services dashboard highlights most dangerous vulnerabilities and artifacts, helping teams prioritize security fixes.

Role-based access control (RBAC)

Integrate with internal user directories to implement fine-grained access policies. Synchronize multiple repositories for separation of concerns from development through production.

Image vulnerability scanning

Continuously scan images at the binary level using Trivy, with support for CVE policies and automatic blocking for non-compliant images.

SBOM generation and management

Automatically or manually generate Software Bill of Materials for your images. View, download, and replicate SBOMs across multiple MSR instances to increase transparency and compliance.

Image signing

Developers and CI tools can digitally sign contents and publishers of images, so downstream users and automation tools can verify image authenticity before running.

Caching and mirroring

Mirror and cache container image repositories to avoid network bottlenecks and make images available across multiple sites. MSR features OCI-compatible mirroring to any public or private registry.

CloudNativeAI integration

Integrate with CloudNativeAI (CNAI) for seamless management, versioning, and retrieval of AI models in order to improve consistency, traceability, and automation throughout the ML lifecycle.

Image lifecycle

Control costs by automatically cleaning up images based on policy controls such as the date of the last update or the number of recent images you want to keep, along with immutable tags, quotas, and retention policies.

OpsCare:

24/7 Enterprise Support

24x7x365 Always On Support

30 min initial response time for Severity 1 incidents

ISO 27001, ISO 9001, ISO 14001 certified

LEARN MORE ABOUT SUPPORT SUBSCRIPTIONS

Get started with Mirantis Secure Registry

Want to learn more—or experience Mirantis Container Registry for yourself?

TRY IT FREE

CONTACT SALES

DATASHEET:

Mirantis Secure Registry Datasheet

Check out Mirantis Container Runtime on Linux or Windows.

READ DATASHEET

CHECKLIST:

Kubernetes Enterprise Security Checklist

Kubernetes and cloud applications let complex systems run reliably in unreliable environments.

DOWNLOAD NOW

DOCUMENTATION:

Mirantis Secure Registry Docs

Explore the Mirantis Secure Registry Reference Architecture, Installation Guide, Operations Guide, API Reference, and other docs to get all the technical details.

READ DOCUMENTATION

Your private container registry, solved

Mirantis Secure Registry drives software supply chain security across our cloud native stack. It integrates closely with Mirantis Container Runtime, which is FIPS-140-2 conformant and uses a cryptographic module validated by the National Institute of Science and Technology (NIST).

Mirantis Secure Registry can be one component of a transformative ZeroOps strategy, enabling you to reduce costs and accelerate development. Explore how you can build on your runtime to create a complete ZeroOps stack:

Mirantis Container Runtime

Secure, industry-standard container runtime—Docker interface included. The keystone of a secure software supply chain, integrating tightly with Mirantis Secure Registry.

LEARN MORE

DevOps-as-a-Service

Accelerate development with cloud native DevOps-as-a-service—bringing automation and cloud native expertise together to deliver guaranteed outcomes.

LEARN MORE

LET’S TALK

We see Mirantis as a strategic partner who can help us provide higher performance and greater success as we expand our cloud computing services internationally.

— Aurelio Forese, Head of Cloud, Netsons

We see Mirantis as a strategic partner who can help us provide higher performance and greater success as we expand our cloud computing services internationally.

— Aurelio Forese, Head of Cloud, Netsons

Frequently Asked Questions About Container Registries

What should I look for in a container registry?

When selecting a container registry, it is helpful to consider the following factors:

Integration with Existing Workflows: A registry that integrates with current development, continuous integration, and deployment pipelines will streamline operations and enhance productivity.
Security and Compliance Features: Security capabilities such as image scanning for vulnerabilities, access control mechanisms, policy enforcement, and image signing ensure the safety of container images. Detailed event logs are also essential for compliance audits.
Scalability and Reliability: A registry that offers high availability and can scale with application growth is vital for enterprise operations; focus on features like cross-region replication and reliable uptime in order to maintain consistent performance.
Support for Multiple Artifact Types: If your projects involve various artifact types beyond container images, a registry that also supports Helm charts, SBOMs, signatures and other formats can help centralize your artifact management.

What is a private container registry?

A private container registry is a specialized storage system that allows organizations to securely store, manage, and distribute container images. Unlike public registries, which are accessible to anyone, private container registries only allow access to authorized users. A private container registry is essential for maintaining a secure software supply chain, as it helps control access to container images and reduce risk of unauthorized modifications or exposure.

What are the benefits of using a private container registry?

Using a private container registry offers the following benefits:

Enhanced Security: Private container registries keep sensitive or proprietary images private and secure with robust security features such as role-based access control (RBAC), vulnerability scanning, and integration with enterprise IAM systems. This minimizes the risk of unauthorized access or tampering and allows full control over who can access, push, or pull container images.
Compliance and Governance: Private container registries often offer features that can help in meeting compliance requirements, such as data storage within specific geographic regions.
High Availability: Private container registries are designed to ensure that container images are accessible when needed, which is essential for maintaining the reliability of the deployment process. Storing images closer to your infrastructure or within your own network reduces latency while allowing for more reliable access during disruptions.
Customization and Control: Private container registries allow you to customize storage, access policies, retention rules, and integrations to fit your organization’s workflow and infrastructure

How do I host a private container registry?

Setting up a self-hosted container registry allows organizations to securely manage and store container images on-premises or in their own cloud infrastructure. Here’s how to get started:

Choose a Private Container Registry Solution: Select a self-hosted container registry solution that aligns with your needs. There are both open-source options and enterprise options (e.g., Mirantis Secure Registry), that can be deployed on an organization’s servers.
Set Up the Private Container Registry: Deploy the chosen registry solution on a server within your network; this involves configuring the registry’s storage, setting up network access controls, and ensuring that only authorized users can access the repository.
Secure the Private Container Registry: Implement security measures such as enabling HTTPS to encrypt data transmitted to and from the registry. Utilize authentication mechanisms to restrict access, ensuring that only authorized personnel can push or pull images.
Integrate with Your Development Workflow: Configure your development and deployment tools to interact with your private container registry. This includes setting up authentication credentials and specifying the registry’s address in your container management configurations.
Maintain and Monitor the Private Container Registry: Regularly update your private container registry software to patch vulnerabilities. Monitor usage logs and set up alerts for any unauthorized access attempts. Implement backup strategies to prevent data loss.

What is the difference between a public and private registry in Docker?

The primary distinction between a public and private Docker registry lies in their accessibility and security; public Docker registries like Docker Hub are open to anyone, while private Docker registries are hosted in a private environment and have restricted access. This means that public registries are ideal for sharing open-source projects and publicly available applications, since any user can push and pull container images. Private registries, on the other hand, are critical for organizations that require security and compliance.