OCI Registry

Jan 1, 0001

Definition

OCI Registry refers to a storage and distribution system for container images and other artifacts compliant with the Open Container Initiative (OCI) standards. It allows users to store, manage, and distribute container images securely and efficiently, supporting features like versioning, access control, and integration with CI/CD pipelines. OCI Registries are often used to facilitate the deployment of containerized applications across various environments.

Secure Settings Example

# Example configuration for a secure OCI Registry using Docker Distribution
version: 0.1
log:
  level: info
  fields:
    service: registry
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  headers:
    X-Content-Type-Options: [nosniff]
  secret: a-very-secure-secret
  headers:
    X-Frame-Options: [DENY]
  tls:
    certificate: /path/to/cert.pem
    key: /path/to/key.pem
auth:
  htpasswd:
    realm: basic-realm
    path: /path/to/htpasswd

Insecure Settings Example

# Example of an insecure OCI Registry configuration
version: 0.1
log:
  level: debug
storage:
  filesystem:
    rootdirectory: /var/lib/registry
http:
  addr: :5000
  secret: insecure-secret
  # Missing TLS configuration
auth:
  # No authentication configured

OCI Registry

Definition

Secure Settings Example

Insecure Settings Example

Ask AppSec: free security newsletter

Ask AppSec: free security newsletter