Mirantis brings secure registries to Kubernetes distros

This is a big step forward in securing open-source container supply chains.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Thanks to SolarWinds and Log4j, we know it's all too easy for software supply chain problems to bust our systems. To help with this, Mirantis, the cloud and container company, has released Mirantis Secure Registry (MSR) 3.0, which can be used to build and deploy secure registries across any Kubernetes distribution.

Mirantis Secure Registry, formerly Docker Trusted Registry, provides an enterprise-grade container registry solution. You can use this as a foundation to build a secure software supply chain. It does this by providing you with access to a container image registry that has enhanced levels of security beyond that of public registries. This, in turn, gives you more control over this critical part of your software supply chain.

The comprehensive, built-in security enables users to verify and trust the automated operations and integration with Continuous Integration/Continuous Delivery (CI/CD) pipelines to speed up application testing and delivery.

You can use MSR alongside your other apps in any standard Kubernetes distribution, version 1.20 and above, via standard Helm techniques. While the new MSR is no longer integrated with Mirantis Kubernetes Engine (MKE) as it was earlier, it still runs as well as ever on MKE, just as it does on any other supported Kubernetes distribution.

It checks images for known security problems by scanning them against a Common Vulnerabilities and Exposures (CVE) database, which runs on a PostgreSQL database server with sufficient storage for a 24 GB database. Once these images meet your defined security minimums, you can use MSR to automatically promote your images from testing to production. You can deploy the images via mirrors to distributed teams with policy-based controls.

As you might guess, you can also easily create an automated workflow. This works whenever you push a commit that triggers a build on a CI provider, which pushes a new image into your registry. Once there, the registry fires off a webhook and triggers deployment on a staging environment -- or notifies other systems that a new image is available.

The point of all this is that it automates security. 

All too often, security is an afterthought during application development and lifecycle management. This results in images with vulnerabilities and puts your cloud-native environments at risk. MSR, which is already being deployed and used by federal agencies and Fortune 500 companies worldwide, securely stores, shares, and manages images in its private container registry to automate software supply chain security. Security becomes a built-in part of your CI/CD pipeline. 

In other words, as Adam Parco, Mirantis's CTO, said, "MSR provides verification and trust in software artifacts with policies and role-based access control to ensure that container images are scanned and free from vulnerabilities. It enables images to be promoted from testing to production in a controlled way to automate compliance checks that secure the software supply chain."

Sounds too good to be true? You can learn more about Mirantis Secure Registry and try MSR for free today.
