Securely Access and Manage Docker Container Registries

Simplify how you host, proxy, and manage Docker container images with the Sonatype platform. Whether working on Kubernetes deployments or managing multiple containers, we can help you streamline operations, reduce complexity, and keep your workflows secure.

Using Docker Registry with the Sonatype Platform

Docker containers have transformed application development by improving how software is packaged, deployed, and managed. Take your development to the next level with full Docker Registry support across the Sonatype portfolio to increase accessibility and security when working with Docker images and artifacts. By using Docker with Sonatype solutions, you can efficiently manage containers while securing them to maintain a reliable DevOps pipeline. 

Accelerate development by setting up a Docker proxy registry within Sonatype Nexus Repository, and keep it secure by blocking malicious Docker images and vulnerable components with Sonatype Repository Firewall. Increase security further with Sonatype Lifecycle, which inspects the application layer to analyze dependencies.

Supported Docker Registry Features

Proxy Docker Registries

Easily cache and access remote Docker images with reduced storage and faster download speeds. Keep your images local to maximize efficiency.

Hosted Repositories

Host Docker artifacts in private repositories with fine-grained permissions, ensuring enhanced security for your team’s content.

Group Repositories

Simplify image management by accessing multiple repositories through a single URL, reducing configuration errors and team friction.

OCI Industry Standards Compliance

Leverage OCI image guidelines for compatibility with leading containerization practices across multiple environments.

Docker Manifest Lists Support

Access multi-platform images under a single tag, supporting diverse architectures without additional complexity.

Extensive Client Compatibility

Works seamlessly with Docker clients from version 1.8 onward, ensuring enhanced usability no matter your toolset.

Keep Malicious Docker Images Out of Your Repository

Sonatype helps mitigate risk within Docker management by integrating advanced security into your workflows. Sonatype Repository Firewall scans containers on ingestion to detect malicious Docker images while enforcing security, license, and hygiene policies. With automation at scale, seamlessly integrate malware detection and policy enforcement directly into your CI/CD pipelines, security, or threat prevention systems. Customize when and where to block based on your workflows, ensuring robust protection every step of the way.

  • Malware Detection on Import

    Automatically scan Docker containers for malicious components as they are ingested.

  • Policy Enforcement at Scale

    Define and enforce security, licensing, and hygiene policies directly in your CI/CD.

  • Automated Threat Prevention

    Integrate Docker image scanning into your systems for hands-free security management.

Integration Resources

Docker Registry Support for Sonatype Nexus Repository

Docker Image Analysis Support for Sonatype Lifecycle

Docker Security Best Practices Guide

FAQs

What is the purpose of using Sonatype Nexus Repository for Docker registries?

Sonatype Nexus Repository allows you to host and proxy Docker registries. It supports creating repository groups, enabling faster access to Docker container images while reducing bandwidth usage. You can also share Docker images that you create through hosted repositories managed within Sonatype Nexus Repository.

How can I access Docker images in a repository?

Docker images cached in Sonatype Nexus Repository are accessed via a structured URL format. For example, an image in a “docker-hosted” repository would be accessible at [example.domain:443/nexus3/repository/docker-hosted/image-name]. However, due to Docker client limitations, configurations like subdomain connectors, reverse proxies, or port connectors may be required to redirect traffic to the correct paths.
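The client limitation mentioned above, as an added example (not Sonatype code): a simplified Python model of how a Docker client splits an image reference into registry host and repository name. The function names, the `:8082` connector port and the sample references are assumptions made for illustration.

```python
# Added example: simplified model of Docker's image-reference rule.
# It ignores validation (e.g. upper-case checks) that the real client performs.
DEFAULT_REGISTRY = "docker.io"             # used when the reference names no host
HUB_ENDPOINT = "registry-1.docker.io"      # host the client contacts for docker.io


def parse_reference(ref):
    """Return (registry_host, repository, tag_or_digest) for an image reference."""
    name, _, digest = ref.partition("@")
    first, sep, rest = name.partition("/")
    # The first component is a registry only if it looks like a host name.
    if sep and ("." in first or ":" in first or first == "localhost"):
        host, remainder = first, rest
    else:
        host, remainder = DEFAULT_REGISTRY, name
    repo, tag = remainder, "latest"
    if ":" in remainder.rsplit("/", 1)[-1]:  # a colon after the last slash is a tag
        repo, tag = remainder.rsplit(":", 1)
    if host == DEFAULT_REGISTRY and "/" not in repo:
        repo = "library/" + repo             # official-image namespace
    return host, repo, digest or tag


def manifest_url(ref):
    """URL requested for the manifest: the API always sits at /v2/ on the host root."""
    host, repo, version = parse_reference(ref)
    endpoint = HUB_ENDPOINT if host == DEFAULT_REGISTRY else host
    return f"https://{endpoint}/v2/{repo}/manifests/{version}"


def uses_registry(ref, allowed_host):
    """True when a pull of `ref` would be sent to `allowed_host` (e.g. the proxy)."""
    return parse_reference(ref)[0] == allowed_host


if __name__ == "__main__":
    for ref in (
        "example.domain:443/nexus3/repository/docker-hosted/image-name",  # from the FAQ
        "example.domain:8082/image-name:1.0",   # constructed: port-connector style
        "docker-hosted/image-name",             # constructed: host omitted
    ):
        print(ref, "->", manifest_url(ref))
```

The first reference shows the problem: the client cannot be told about a context path, so `/nexus3/repository/docker-hosted/` becomes part of the image name under `/v2/`, which is why a connector or reverse proxy has to map the request. The third shows that a reference without a host is sent to Docker Hub, not to the repository manager, so a check like `uses_registry` in CI can flag pulls that would skip the proxy.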

What security features are available for accessing Docker repositories?

The Docker Bearer Token Realm must be enabled to authenticate and manage access to Docker repositories through a Docker client. Authenticated access requires users to perform a docker login command with their credentials. You can also configure repositories to allow anonymous access by setting nx-view privileges and enabling anonymous Docker pulls.

Does Sonatype Nexus Repository support OCI images?

Yes, Sonatype Nexus Repository supports OCI images, adhering to versions 1.0.0 and 1.0.1 of the OCI specification. Features such as tag deletion and support for the optional Docker image "mediaType" are included.

How does Sonatype handle Docker image analysis?

Using Sonatype Lifecycle, the application layer of a Docker container image can be analyzed to identify open-source components. By saving the Docker image as a tar file, you can run an analysis to check for vulnerabilities and compliance issues. Reports can be generated for review in Sonatype Lifecycle.