By using prebuilt containers companies are not always sure what is inside the containers. Mirantis Secure Registry has an image scanning function. So once the container image is put on the registry, it goes through all the different layers ensuring that no vulnerabilities are contained within the image. Companies also want to ensure that only those that are authorized to access their images are doing so. Companies cannot ensure that a third-party attack will not inject anything into their environment unless they are using a private repository. The notary also ensures that the image being tested in the lower environments is the same as what is being deployed in the upper environments and into production. Kevin Ng, Solution Architect at Mirantis, goes on to discuss further what the risks are of not using a private repository.
About Kevin Ng: As a Solution Architect, Kevin is passionate about discovering and eliminating root causes of barriers to value, with over a decade of experience helping Fortune 500 companies in multiple industries including finance, retail, healthcare, logistics, and consumer staples achieve software delivery excellence. Much of his work focuses on DevOps practices, continuous testing, and release automation&orchestration. With deep technical understanding in these areas and a broad grasp of the organizational, process, and work culture considerations needed for sustainable progress with digital transformation.
About Mirantis: Mirantis helps organizations ship code faster on public and private clouds. providing a public cloud experience on any infrastructure, from the data center to the edge. With Lens and Mirantis Container Cloud, Mirantis empowers a new breed of Kubernetes app developers by removing infrastructure and operations complexity and providing one cohesive cloud experience for complete app and DevOps portability, a single pane of glass, and automated full-stack lifecycle management with continuous updates.