Security in Dockreg
Dockreg prioritizes the security of your container images and infrastructure. We implement bank-level security measures to protect your private Docker registries, ensuring your code and data remain safe throughout their lifecycle.
Encryption
All data in Dockreg is protected with AES-256 encryption both at rest and in transit. This includes container images stored in your registries and any data transmitted during pushes and pulls.
- At Rest: Images and metadata are encrypted on our secure storage systems.
- In Transit: All communications use TLS 1.3 to prevent interception or tampering.
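The in-transit claim above is one you can verify from the client side. The following added example (not part of Dockreg's documentation or tooling) opens a TLS connection to a registry endpoint with a client context that refuses anything below TLS 1.3 and requires a valid, hostname-matching certificate, then reports the negotiated version, cipher and certificate expiry. The registry hostname is a constructed placeholder; substitute your own registry.

```python
"""Check that a registry endpoint negotiates TLS 1.3 with a valid certificate.

Added example, not part of Dockreg's documentation or tooling. REGISTRY_HOST is a
constructed placeholder; replace it with the hostname of your own registry.
"""
import socket
import ssl
import sys
from datetime import datetime, timezone

REGISTRY_HOST = "registry.example.invalid"  # placeholder, not a real Dockreg endpoint
REGISTRY_PORT = 443
MIN_VERSION = "TLSv1.3"


def make_strict_context() -> ssl.SSLContext:
    """Client context that verifies chain and hostname and refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + hostname check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def probe(host: str, port: int = REGISTRY_PORT, timeout: float = 5.0) -> dict:
    """Open a TLS connection and return negotiated parameters plus leaf-cert expiry.

    Raises ssl.SSLError if the server cannot satisfy TLS 1.3 or fails certificate
    verification; that failure is itself the signal that the endpoint does not
    meet the 'TLS 1.3 in transit' expectation.
    """
    ctx = make_strict_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            not_after = ssl.cert_time_to_seconds(cert["notAfter"])
            days_left = (not_after - datetime.now(timezone.utc).timestamp()) / 86400
            return {
                "version": tls.version(),
                "cipher": tls.cipher()[0],
                "days_until_cert_expiry": round(days_left, 1),
            }


def evaluate(result: dict, min_cert_days: int = 14) -> list[str]:
    """Return policy findings for a probe result; an empty list means it passes."""
    findings = []
    if result["version"] != MIN_VERSION:
        findings.append(f"negotiated {result['version']}, expected {MIN_VERSION}")
    if result["days_until_cert_expiry"] < min_cert_days:
        findings.append(f"certificate expires in {result['days_until_cert_expiry']} days")
    return findings


if __name__ == "__main__":
    try:
        outcome = probe(REGISTRY_HOST)
    except (ssl.SSLError, OSError) as exc:
        print(f"FAIL: {REGISTRY_HOST}: {exc}")
        sys.exit(1)
    problems = evaluate(outcome)
    print(outcome, "PASS" if not problems else "FAIL: " + "; ".join(problems))
    sys.exit(1 if problems else 0)
```

Because the context pins `minimum_version` to TLS 1.3, a server that only offers TLS 1.2 fails the handshake rather than silently downgrading, so the script exits non-zero in both the "wrong version" and "bad certificate" cases. Running it periodically from the same network your CI pushes from gives an early warning if a proxy or load balancer in the path starts terminating TLS with weaker settings.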
Vulnerability Scanning (Beta)
Vulnerability scanning is a beta feature available to selected users. It automatically analyzes your container images for known security vulnerabilities as soon as they are pushed to your registry. This helps you identify and remediate issues before deploying to production, reducing the risk of exploits in your applications.
How It Works
- Automatic Scanning: When you push an image to a Dockreg registry (e.g., via docker push), our scanning engine automatically initiates a scan. The process uses industry-standard tools to inspect the image layers for vulnerabilities in the base OS, dependencies, and application code.
- Scan Scope: Scans cover:
  - Operating system packages (e.g., CVE checks for Alpine, Ubuntu, etc.).
  - Language-specific libraries (e.g., npm, pip, Maven dependencies).
  - Embedded secrets or misconfigurations (where detectable).
- Scan Duration: Most scans complete in under 5 minutes, depending on image size and complexity. You’ll receive a notification when the scan is finished.
- Severity Levels: Vulnerabilities are categorized by severity:
  - Critical: Immediate action required (e.g., remote code execution risks).
  - High: Significant impact, patch promptly.
  - Medium: Potential risks, monitor and update.
  - Low: Informational, good to address over time.
Scans are performed in a secure, isolated environment and do not affect the availability of your images.
Accessing Reports
Scan results are available directly in the Dockreg dashboard:
- Log in to your Dockreg account at https://dockreg.com/dashboard.
- Navigate to your organization and select the relevant registry.
- Go to the Images tab and click on the specific image.
- Under the Security section, view the latest scan report.
Reports include:
- A summary dashboard with vulnerability counts by severity.
- Detailed listings with CVE IDs, descriptions, affected packages, and recommended fixes.
- Historical scans for trend analysis.
You can also download reports as JSON or PDF for sharing with your security team or compliance audits.
Integration with Deployment Workflows
Integrate vulnerability scanning into your CI/CD pipelines to enforce security gates:
- Webhooks: Configure webhooks to receive real-time notifications on scan completion. Events include image.scanned, with a payload containing the severity summary and report URL. Set this up in your registry settings under Integrations > Webhooks.
- CI/CD Examples:
  - GitHub Actions: Add a step after docker push to wait for scan completion notifications via webhooks and fail the build if critical vulnerabilities are found.
  - GitLab CI: Use webhooks to block merges on high-severity issues.
As this is a beta feature for selected users, scan limits and availability may vary. Contact support for access and details.
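The severity levels, the report contents and the CI/CD gate described in the sections above come together in the following added example, which is not Dockreg's own code or SDK. It takes the image.scanned payload that a webhook receiver has saved for the current build, checks that the notification is for the exact digest this build pushed, counts findings per severity (honouring time-boxed waivers for specific CVE IDs) and exits non-zero when the policy is exceeded. The page documents only that the payload carries a severity summary and a report URL, so the field names (image, digest, summary, findings, report_url) are assumptions, and the sample payload and CVE IDs are constructed placeholders.

```python
"""CI gate for a Dockreg image.scanned webhook payload.

Added example; this is not Dockreg's own code or SDK. The page states only that
the image.scanned event carries a severity summary and a report URL, so the
field names (image, digest, summary, findings, report_url) are assumptions and
the sample payload below is constructed for illustration.
"""
import json
import sys
from dataclasses import dataclass, field
from datetime import date

SEVERITIES = ("critical", "high", "medium", "low")  # Dockreg's four severity levels

# Constructed sample payload, as a webhook receiver might have saved it for this build.
SAMPLE_EVENT = json.dumps({
    "event": "image.scanned",
    "image": "acme/api:1.4.2",
    "digest": "sha256:PLACEHOLDER_DIGEST_FROM_DOCKER_PUSH",
    "report_url": "https://dockreg.com/dashboard/REPORT_URL_PLACEHOLDER",
    "summary": {"critical": 1, "high": 2, "medium": 5, "low": 9},
    # Assumed per-finding detail mirroring the report fields the page lists (CVE ID, package, fix).
    "findings": [
        {"id": "CVE-0000-0001", "severity": "critical", "package": "openssl", "fix": "3.0.x"},
        {"id": "CVE-0000-0002", "severity": "high", "package": "curl", "fix": "8.x"},
        {"id": "CVE-0000-0003", "severity": "high", "package": "zlib", "fix": None},
    ],
})


@dataclass
class GatePolicy:
    # Maximum number of findings tolerated per severity; severities not listed are not gated.
    max_counts: dict = field(default_factory=lambda: {"critical": 0, "high": 0})
    # Time-boxed waivers: CVE ID -> ISO expiry date. Expired waivers stop applying by themselves.
    waivers: dict = field(default_factory=dict)


def effective_counts(event: dict, policy: GatePolicy, today: str) -> dict:
    """Count findings per severity, skipping CVEs that have an unexpired waiver.

    If the payload carries only the summary (no per-finding list), fall back to it;
    waivers cannot be applied in that case because there are no CVE IDs to match.
    """
    if "findings" not in event:
        return {sev: int(event["summary"].get(sev, 0)) for sev in SEVERITIES}
    today_d = date.fromisoformat(today)
    active = {cve for cve, exp in policy.waivers.items() if date.fromisoformat(exp) >= today_d}
    counts = {sev: 0 for sev in SEVERITIES}
    for finding in event["findings"]:
        if finding["id"] in active:
            continue
        counts[finding["severity"].lower()] += 1
    return counts


def gate(event_json: str, expected_digest: str, policy: GatePolicy, today: str) -> tuple[bool, list[str]]:
    """Decide whether the build may proceed. Returns (allowed, reasons)."""
    event = json.loads(event_json)
    if event.get("event") != "image.scanned":
        return False, [f"unexpected event type {event.get('event')!r}"]
    # Bind the decision to the exact image this build pushed, so a stale or
    # unrelated scan notification cannot be mistaken for this build's result.
    if event.get("digest") != expected_digest:
        return False, ["scan result digest does not match the image this build pushed"]
    counts = effective_counts(event, policy, today)
    reasons = [f"{counts[sev]} {sev} finding(s) exceed limit {limit}"
               for sev, limit in policy.max_counts.items() if counts[sev] > limit]
    return not reasons, reasons


if __name__ == "__main__":
    # usage: python gate.py <saved_event.json> <digest-from-docker-push> [YYYY-MM-DD]
    path, digest = sys.argv[1], sys.argv[2]
    run_day = sys.argv[3] if len(sys.argv) > 3 else date.today().isoformat()
    with open(path, encoding="utf-8") as fh:
        ok, why = gate(fh.read(), digest, GatePolicy(), run_day)
    print("PASS" if ok else "FAIL: " + "; ".join(why))
    sys.exit(0 if ok else 1)
```

The digest to pass in is the one your push step produced (for example from `docker inspect --format '{{index .RepoDigests 0}}' <image>` after the push); matching on it rather than on the tag is what stops a notification for an older build of the same tag from being accepted. Waivers carry an expiry date so that a CVE accepted for a short time does not quietly remain accepted forever; once the date passes, the gate starts failing again and the waiver has to be consciously renewed.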
Additional Security Features
- Role-Based Access Control (RBAC): Fine-grained permissions for users and API keys at organization and registry levels.
- Audit Logs: Track all access and modifications (Enterprise only).
- SSO Integration: Support for SAML and OAuth providers (Enterprise).
- Compliance: SOC 2 Type II compliant, with regular third-party audits.
If you discover a security issue, please report it via our security contact form.
For more details on enterprise security, contact sales.