Key Features#
The Mirantis Secure Registry 4 features are briefly described in the following table, which also offers links to the corresponding upstream Harbor documentation:
| Feature | Description |
|---|---|
| Project quotas | Project quotas can be set as a means for controlling the use of resources, and thus it is possible to limit the amount of storage that a project can consume. |
| Manual registry replication | Users can replicate resources, namely images and charts, between various registries, in both pull or push mode. |
| Policy-based registry replication | Policy-based registry replication provides simplified configuration and management of asynchronous replication between multiple registries. |
| LDAP/Active Directory or OIDC based authentication support | Integrate with AD/LDAP internal user directories and OIDC to implement fine-grained access policies and prevent malicious actors from uploading unsafe images. Multiple repositories can be linked to provide a separation of duties from development through production. |
| Vulnerability scanning configuration | Deploy vulnerability scanning to analyze images for vulnerabilities prior to their being promoted to production. The default scanner, Aqua Trivy, can be installed during MSR 4 installation using the --with-trivy flag. It supports flexible scanning policies and integrates easily into CI/CD systems. |
| RESTful API | An application programming interface is included that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services. |
| Metrics | Exposure of information to operators and administrators, to convey the running status of MSR 4 in real time. |
| Log rotation | Configure audit log retention windows and set syslog endpoints to forward audit logs. |
| System account robots | Administrators can create system robot accounts for the purpose of running automated actions. |
| P2P preheating | Integrates key P2P distribution capabilities of CNCF projects and allows users to define policies around this action. |
| Proxy caching | Users can proxy and cache images from a target public or private registry. |