A container registry is becoming a necessity for organizations using containers in cloud-native development projects because it enables them to reuse software components that have already been through a vulnerability scan and other compliance checks.
Here’s a look at the current state of container registries:
What’s a Container Registry?
A container registry, sometimes called a container hub, is a centralized repository of container images that an organization develops, vets, and secures to support the reuse of containers. When your organization establishes a container registry, they gain the technical foundation to create a reuse strategy that can help increase development velocity through the strategic reuse of software. For example, when a team reuses containers that have already gone through vulnerability scans and other security checks there’s no need to repeat those checks on the container at points during the DevOps lifecycle.
Container Registry Use Cases
Here are some examples of container hub use cases that are bubbling up right now:
Healthcare
As more healthcare applications migrate to the public cloud and to mobile apps because of COVID-driven telehealth initiatives, a container hub offers healthcare institutions such as a regional hospital system a secure and centralized repository of containers that are in compliance and now available for reuse.
For example, telehealth is changing user expectations for user experience (UX) and security. It’s incumbent on healthcare institutions to implement a container hub that can help their developers meet the changing market expectation for slick and consumer-like experiences they would expect with any app they download from Google Play or the iTunes Store.
Financial Services
Another industry ripe for container registries is the financial services industry. The financial services industry had been embracing the cloud even pre-pandemic to feed consumer demand for online and consumer banking services. In turn, this strategic move fuels the need for DevOps to DevSecOps and containers to support the necessary security and compliance that the industry requires to protect the personal and financial information of their customers.
A container registry inside a financial institution offers its developers and outside partners secure and vetted reusable containers that they can reuse across projects.
Public Sector & DoD
Public sector agencies and Department of Defense (DoD) programs are prime candidates for container hubs because they have security and compliance requirements they must maintain to protect government data and applications from attacks.
An example of a DoD container registry is Iron Bank (more on that later) which serves as a repository of standard container images for Platform One, an innovative cloud, and DevSecOps initiative. Iron Bank offers DoD developers hardened containers they can use across cloud projects they’re building to run on Platform One infrastructure. Other container registries are certain to come online as other DoD elements move forward with their own large-scale cloud initiatives.
Learn how Anchore brings DevSecOps to DoD software factories.
Container Registry Examples
Here are examples of industry-standard container registries:
Docker Hub
Docker Hub is perhaps the best-known example of a container registry. It’s a cloud-based repository open to the public in which Docker users and partners create, test, store, and distribute container images. All Docker tools go to the Docker Hub by default.
GitLab
GitLab offers a secure and private registry for Docker images that integrates directly with their industry-standard version control platform.
The Future is the Industry Specific Container Registry
As Platform One and the NVIDIA NGC show, there are some benefits of industry-specific container hubs including:
- A platform for cross-industry collaboration amongst developers and even market competitors to help some industry and even society level challenges such as COVID-19
- A central repository showing best practices in container creation and security for everybody to learn from
- A “container ethos” much in line with the open source ethos that can help support organizations early in their container adoption journey with secure and vetted containers they can download and use in their own projects
More corporate and government program-level container registries are a natural launchpad for more of an industry-level container registry as alliances and partnerships find the need to connect with developers outside their normal sphere of influence.
Do you want to learn more about container security best practices? Check out our Container Security Best Practices that Scale On-Demand Webinar.