Securely Access and Manage Your Docker Container Registry

Sonatype Nexus Repository allows you to host and proxy Docker registries. It supports creating repository groups, enabling faster access to Docker container images while reducing bandwidth usage. You can also share Docker images that you create through hosted repositories managed within Sonatype Nexus Repository.

Docker images cached in Sonatype Nexus Repository are accessed via a structured URL format. For example, an image in a “docker-hosted” repository would be accessible at [example.domain:443/nexus3/repository/docker-hosted/image-name]. However, due to Docker client limitations, configurations like subdomain connectors, reverse proxies, or port connectors may be required to redirect traffic to the correct paths.

The Docker Bearer Token Realm must be enabled to authenticate and manage access to Docker repositories through a Docker client. Authenticated access requires users to perform a docker login command with their credentials. You can also configure repositories to allow anonymous access by setting nx-view privileges and enabling anonymous Docker pulls.

Yes, Sonatype Nexus Repository supports OCI images, adhering to versions 1.0.0 and 1.0.1 of the OCI specification. Features such as tag deletion and support for the optional Docker image "mediaType" are included.

Using Sonatype Lifecycle, the application layer of a Docker container image can be analyzed to identify open-source components. By saving the Docker image as a tar file, you can run an analysis to check for vulnerabilities and compliance issues. Reports can be generated for review in Sonatype Lifecycle.