MIRANTIS SECURE REGISTRY

Your private, cloud native hub for container images.

Software supply chain attacks paralyze businesses — often introducing malicious container images early in the development pipeline. Public container registries are rife with corrupted images. As organizations scale their use of containers across multiple teams, clusters, and clouds, how can they keep development moving forward swiftly and securely?

Mirantis Secure Registry (MSR) provides an enterprise-grade, policy-driven, private container registry solution that can be easily integrated to provide image storage and control and a critical system of record for secure software supply chains. MSR is built on Harbor, the CNCF-graduated, open-source registry trusted by enterprises worldwide. Harbor combines a rich feature set, including RBAC, image signing, CVE scanning, and OCI artifact support, with proven scalability and extensibility. With MSR, we’ve taken upstream Harbor and added rigorous testing and validation, 24x7 enterprise support, and long-term maintenance, making it a safe and strategic choice for organizations seeking to secure and operationalize their container workflows. MSR is the number one CNCF Registry for Kubernetes, and is Docker and Podman compatible.

MSR features OCI-compatible mirroring to any public or private cloud registry.

Logos of various container registries: Amazon ECR, Azure Registry, Docker Hub, GitHub Container Registry, Artifact Registry, JFrog Artifactory, Quay.

Why enterprises prefer Mirantis for Harbor

When you choose Mirantis Secure Registry, you’re not just adopting Harbor; you’re gaining a production-hardened, fully supported container registry platform, maintained by professionals who live and breathe Harbor every day.

Each release of MSR is tested and validated across a comprehensive matrix of infrastructure configurations, operating systems, and Kubernetes distributions. Mirantis ensures that your registry performs consistently by supporting core Harbor services and key middleware components.

Additionally, Mirantis provides:

  • Extensive testing and validation: Release offerings have been thoroughly tested and documented to prevent issues in middleware and operating system components beyond Harbor.

  • Support & Professional Services: 8x5 or 24x7 support for Harbor, plus turnkey professional services to help organizations attain the highest level of service for their environment.

  • Dedicated Harbor development team: Experts focused on delivering bug fixes, CVE security updates, middleware updates, and more.

  • Extensive documentation: In-depth guidance that covers nearly every scenario for deploying and managing MSR, with deep dives into complex topics such as HA installs with Helm.

  • CNCF Harbor community participation: Contributions to influence and align with industry standards, participation in maintainer calls, along with sponsorship of CNCF events related to Harbor.

  • Prescriptive migration support: Clear paths from legacy registries, including earlier MSR versions, to simplify transitions.

How it works

Public container registries are hosted out in the open, while many private registries operate from providers’ clouds. Mirantis Secure Registry works where you need it, including on your clusters themselves, putting you back in control. Whether deployed on-prem, in public cloud, or across hybrid environments, MSR is engineered for resiliency and operational continuity, with built-in support for high availability, mirroring, and backups.

Mirantis Secure Registry is an enterprise-grade container registry that can be easily integrated with standard Kubernetes distributions and enables modern DevSecOps practices with built-in tools to secure and verify the integrity of your container workloads.

Projects page lists repositories and reports usage trends, storage consumption, and repository activity.

Interrogation Services dashboard highlights most dangerous vulnerabilities and artifacts, helping teams prioritize security fixes.

Role-based access control (RBAC)

Integrate with internal user directories to implement fine-grained access policies. Synchronize multiple repositories for separation of concerns from development through production.

Image vulnerability scanning

Continuously scan images at the binary level using Trivy, with support for CVE policies and automatic blocking for non-compliant images.

SBOM generation and management

Automatically or manually generate Software Bill of Materials for your images. View, download, and replicate SBOMs across multiple MSR instances to increase transparency and compliance.

Image signing

Developers and CI tools can digitally sign images, attesting to their contents and publisher, so downstream users and automation tools can verify image authenticity before running them.

Caching and mirroring

Mirror and cache container image repositories to avoid network bottlenecks and make images available across multiple sites. MSR features OCI-compatible mirroring to any public or private registry.

CloudNativeAI integration

Integrate with CloudNativeAI (CNAI) for seamless management, versioning, and retrieval of AI models in order to improve consistency, traceability, and automation throughout the ML lifecycle.

Image lifecycle

Control costs by automatically cleaning up images based on policy controls such as the date of the last update or the number of recent images you want to keep, along with immutable tags, quotas, and retention policies.

OpsCare:

24/7 Enterprise Support

24x7x365 Always On Support

30 min initial response time for Severity 1 incidents

ISO 27001, ISO 9001, ISO 14001 certified

Get started with Mirantis Secure Registry

Want to learn more—or experience Mirantis Container Registry for yourself?

DATASHEET:

Mirantis Secure Registry Datasheet

Check out Mirantis Container Runtime on Linux or Windows.

CHECKLIST:

Kubernetes Enterprise Security Checklist

Kubernetes and cloud applications let complex systems run reliably in unreliable environments.

DOCUMENTATION:

Mirantis Secure Registry Docs

Explore the Mirantis Secure Registry Reference Architecture, Installation Guide, Operations Guide, API Reference, and other docs to get all the technical details.

Your private container registry, solved

Mirantis Secure Registry drives software supply chain security across our cloud native stack. It integrates closely with Mirantis Container Runtime, which is FIPS 140-2 conformant and uses a cryptographic module validated by the National Institute of Standards and Technology (NIST).

Mirantis Secure Registry can be one component of a transformative ZeroOps strategy, enabling you to reduce costs and accelerate development. Explore how you can build on your runtime to create a complete ZeroOps stack:

Mirantis Container Runtime

Secure, industry-standard container runtime—Docker interface included. The keystone of a secure software supply chain, integrating tightly with Mirantis Secure Registry.

DevOps-as-a-Service

Accelerate development with cloud native DevOps-as-a-service—bringing automation and cloud native expertise together to deliver guaranteed outcomes.

LET’S TALK

Contact us to learn how Mirantis can accelerate your cloud initiatives.

We see Mirantis as a strategic partner who can help us provide higher performance and greater success as we expand our cloud computing services internationally.

— Aurelio Forese, Head of Cloud, Netsons

Frequently Asked Questions About Container Registries

Q: What should I look for in a container registry?

A: When selecting a container registry, it is helpful to consider the following factors:

  • Integration with Existing Workflows: A registry that integrates with current development, continuous integration, and deployment pipelines will streamline operations and enhance productivity.

  • Security and Compliance Features: Security capabilities such as image scanning for vulnerabilities, access control mechanisms, policy enforcement, and image signing ensure the safety of container images. Detailed event logs are also essential for compliance audits.

  • Scalability and Reliability: A registry that offers high availability and can scale with application growth is vital for enterprise operations; focus on features like cross-region replication and reliable uptime in order to maintain consistent performance.

  • Support for Multiple Artifact Types: If your projects involve various artifact types beyond container images, a registry that also supports Helm charts, SBOMs, signatures and other formats can help centralize your artifact management.


Q: What is a private container registry?

A: A private container registry is a specialized storage system that allows organizations to securely store, manage, and distribute container images. Unlike public registries, which are accessible to anyone, private container registries only allow access to authorized users. A private container registry is essential for maintaining a secure software supply chain, as it helps control access to container images and reduce the risk of unauthorized modifications or exposure.


Q: What are the benefits of using a private container registry?

A: Using a private container registry offers the following benefits:

  • Enhanced Security: Private container registries keep sensitive or proprietary images private and secure with robust security features such as role-based access control (RBAC), vulnerability scanning, and integration with enterprise IAM systems. This minimizes the risk of unauthorized access or tampering and allows full control over who can access, push, or pull container images.

  • Compliance and Governance: Private container registries often offer features that can help in meeting compliance requirements, such as data storage within specific geographic regions. 

  • High Availability: Private container registries are designed to ensure that container images are accessible when needed, which is essential for maintaining the reliability of the deployment process. Storing images closer to your infrastructure or within your own network reduces latency while allowing for more reliable access during disruptions.

  • Customization and Control: Private container registries allow you to customize storage, access policies, retention rules, and integrations to fit your organization’s workflow and infrastructure.


Q: How do I host a private container registry?

A: Setting up a self-hosted container registry allows organizations to securely manage and store container images on-premises or in their own cloud infrastructure. Here’s how to get started:

  1. Choose a Private Container Registry Solution: Select a self-hosted container registry solution that aligns with your needs. There are both open-source options and enterprise options (e.g., Mirantis Secure Registry) that can be deployed on an organization’s servers.

  2. Set Up the Private Container Registry: Deploy the chosen registry solution on a server within your network; this involves configuring the registry’s storage, setting up network access controls, and ensuring that only authorized users can access the repository.

  3. Secure the Private Container Registry: Implement security measures such as enabling HTTPS to encrypt data transmitted to and from the registry. Utilize authentication mechanisms to restrict access, ensuring that only authorized personnel can push or pull images.

  4. Integrate with Your Development Workflow: Configure your development and deployment tools to interact with your private container registry. This includes setting up authentication credentials and specifying the registry’s address in your container management configurations.

  5. Maintain and Monitor the Private Container Registry: Regularly update your private container registry software to patch vulnerabilities. Monitor usage logs and set up alerts for any unauthorized access attempts. Implement backup strategies to prevent data loss.
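
An added example for steps 3 and 5 (not Mirantis or Harbor code): a check that an unauthenticated request to the registry's OCI Distribution `/v2/` endpoint is refused over HTTPS and that the token service it advertises is also HTTPS. The hostnames, the `service` values and the sample responses are constructed; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed probe results (hypothetical hosts): URL requested without
# credentials, HTTP status returned, and response headers.
SAMPLES = [
    ("https://registry.example.internal/v2/", 401,
     {"WWW-Authenticate": 'Bearer realm="https://registry.example.internal/service/token",service="harbor-registry"'}),
    ("http://registry.example.internal:5000/v2/", 200, {}),
    ("https://registry.example.internal/v2/", 401,
     {"Www-Authenticate": 'Bearer realm="http://auth.example.internal/token",service="registry"'}),
]

def parse_challenge(value):
    """Split a WWW-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = value.strip().partition(" ")
    return scheme.lower(), dict(re.findall(r'(\w+)="([^"]*)"', rest))

def audit_v2_probe(url, status, headers):
    """Return findings for an unauthenticated GET of a registry's /v2/ endpoint."""
    findings = []
    https = urlsplit(url).scheme == "https"
    headers = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not https:
        findings.append("endpoint is not served over HTTPS")
    if status == 200:
        findings.append("anonymous /v2/ request succeeded: authentication is not enforced")
    elif status == 401:
        challenge = headers.get("www-authenticate")
        if not challenge:
            findings.append("401 without a WWW-Authenticate challenge")
        else:
            scheme, params = parse_challenge(challenge)
            if scheme == "basic" and not https:
                findings.append("Basic credentials would be sent in cleartext")
            realm = params.get("realm", "")
            if scheme == "bearer" and urlsplit(realm).scheme != "https":
                findings.append(f"token realm {realm!r} is not HTTPS")
    else:
        findings.append(f"unexpected status {status} for /v2/")
    return findings

if __name__ == "__main__":
    for url, status, headers in SAMPLES:
        print(url, status, audit_v2_probe(url, status, headers) or "OK")
```

Run on a schedule against your own registry's recorded responses, a non-empty result is a candidate alert for the monitoring described in step 5.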


Q: What is the difference between a public and private registry in Docker?

A: The primary distinction between a public and private Docker registry lies in their accessibility and security; public Docker registries like Docker Hub are open to anyone, while private Docker registries are hosted in a private environment and have restricted access. This means that public registries are ideal for sharing open-source projects and publicly available applications, since any user can push and pull container images. Private registries, on the other hand, are critical for organizations that require security and compliance.