Manage applications

In addition to storing individual and multi-architecture container images and plugins, MSR supports the storage of applications as their own distinguishable type.

Applications include the following two tags:




Under the hood



Container image represented by OS and architecture.

For example, linux amd64.

Uses Mirantis Container Runtime. The Docker daemon is responsible for building and pushing the image. Includes scan results for the invocation image.

Application with bundled components



Uses the application client to build and push the image. Includes scan results for the bundled components. Docker App is an experimental Docker CLI feature.

Use docker app push to push your applications to MSR. For more information, refer to Docker App in the official Docker documentation.

View application vulnerabilities

  1. Log in to the MSR web UI.

  2. In the left-side navigation panel, click Repositories.

  3. Select the desired repository and click the Tags tab.

  4. Click View details on the <app-tag> or <app-tag>-invoc row.


  • You cannot sign an application as the Notary signer cannot sign Open Container Initiative (OCI) indices.

  • Scanning-based policies do not take effect until after all images bundled in the application have been scanned.

  • Docker Content Trust (DCT) does not work for applications and multi-architecture images, which have the same underlying structure.

Parity with existing repository and image features

The following repository and image management events also apply to applications: