RE8CH REGISTRY

Re8ch Registry

توزيع حاويات موقعة لمنتجات Re8ch والأعضاء.

هذه صفحة مستقلة على image.re8ch.com. يبقى Harbor مصدر الحقيقة لمسارات OCI، وتشرح الصفحة العضوية والتوقيع وSBOM والفحص ومسار النشر الآمن للمستأجرين.

فتح البوابة طلب الوصول

مبني على خطة registry في cloud-functions Membership applications, project-per-member isolation, prebuilt image deployment, Cosign enforcement, scan events, SBOMs, and an independent ops webhook receiver.

صفحة المنتج ليست ضمن مسار الصور.

تستمر Docker وcontainerd وCosign وTrivy وKubernetes وواجهات Harbor باستخدام نقاطها المعتادة.

image.re8ch.comPublic product page

image.re8ch.com/assets/*Static site assets

registry.re8ch.com/v2/*Not handled by this Worker

registry.re8ch.com/service/*Harbor token service remains untouched

وعود منتج Registry

▣

Prebuilt releases

Images are built outside production nodes, pushed by immutable tag, signed by digest, then deployed.

◈

Member isolation

Each approved member receives an isolated Harbor project, quota, retention policy, and audit trail.

◉

Supply-chain signals

Cosign signatures, vulnerability scans, and SBOM availability are visible product-level signals.

◎

Ops events

Registry events flow into a separate receiver before notifications, automation, or incident handling.

Registry Live Case

Anonymous public snapshot generated from private Harbor and registry operations. Names are HMAC-hashed before publishing.

Projects--Anonymous project spaces

Repositories--OCI repositories tracked

Artifacts--Published image artifacts

Quota used--Aggregate storage pressure

Scan coverage--Latest public security signal

Signature coverage--Cosign or equivalent signing

SBOM coverage--Materials visibility

Fresh artifacts--Recently refreshed images

Pulls 24h--Anonymous registry demand

Pushes 24h--Release activity

Critical findings--Public aggregate only

Supply grade--Scan + sign + SBOM

Release activityLoading snapshot...

Severity distributioncritical / high / medium / low

Supply-chain trendscan / sign / SBOM

Project storageanonymous project ratios

Semantic groupsproduct roles

Anonymous projectRoleArtifactsQuotaHealth

Loading latest public snapshot...

Anonymous repoRoleArtifactsPulls 24hRiskSBOM

انضمام الأعضاء

1Submit email, namespace, use case, public/private preference, and storage estimate.

2Ops reviews the request and creates a Harbor project with default security metadata.

3The member receives documented pull access first; push access is granted when the release contract is clear.

4Runtime tenants can later be upgraded into the full SaaS infrastructure bundle.

حدود الأمان لـ registry.re8ch.com

1Do not proxy Docker layer blobs through the product page.

2Do not expose private project names, robot credentials, or cluster node names.

3Do not mix public registry members with SaaS runtime namespaces by default.

4Do keep Harbor as the source of truth for OCI operations.

يبقى مسار OCI بسيطا

المسار الطبيعي هو سير عمل الحاويات القياسي:

docker login registry.re8ch.com
docker pull registry.re8ch.com/functions-shared/alpine:3.23.4
cosign verify --key cosign.pub registry.re8ch.com/<project>/<repo>@sha256:<digest>