Key Features¶
The Mirantis Secure Registry 4 features are briefly described in the following table, which also offers links to the corresponding upstream Harbor documentation:
Feature |
Description |
|---|---|
Project quotas can be set as a means for controlling the use of resources, and thus it is possible to limit the amount of storage that a project can consume. |
|
Users can replicate resources, namely images and charts, between various registries, in both pull or push mode. |
|
Policy-based registry replication provides simplified configuration and management of asynchronous replication between multiple registries. |
|
Integrate with AD/LDAP internal user directories and OIDC to implement fine-grained access policies and prevent malicious actors from uploading unsafe images. Multiple repositories can be linked to provide a separation of duties from development through production. |
|
Deploy vulnerability scanning to analyze images for vulnerabilities prior to their being promoted to production. The default scanner, Aqua Trivy, can be installed during MSR 4 installation using the --with-trivy flag. It supports flexible scanning policies and integrates easily into CI/CD systems. |
|
An application programming interface is included that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services. |
|
Exposure of information to operators and administrators, to convey the running status of MSR 4 in real time. |
|
Configure audit log retention windows and set syslog endpoints to forward audit logs. |
|
Administrators can create system robot accounts for the purpose of running automated actions. |
|
Integrates key P2P distribution capabilities of CNCF projects and allows users to define policies around this action. |
|
Users can proxy and cache images from a target public or private registry. |