RE8CH REGISTRY

Signed container delivery for Re8ch products and members.

Standalone page at image.re8ch.com. Harbor remains the source of truth for OCI traffic, and this page explains membership, signing, SBOMs, scanning, and secure tenant releases.

Built from the cloud-functions registry plan

Membership applications, project-per-member isolation, prebuilt image deployment, Cosign enforcement, scan events, SBOMs, and an independent ops webhook receiver.

The product page does not sit in the image path.

Docker, containerd, Cosign, Trivy, Kubernetes, and Harbor APIs keep using their normal endpoints. The Worker only answers the product microsite route.

image.re8ch.com                Public product page
image.re8ch.com/assets/*       Static site assets
registry.re8ch.com/v2/*        Not handled by this Worker
registry.re8ch.com/service/*   Harbor token service remains untouched

What the Registry product promises

Prebuilt releases

Images are built outside production nodes, pushed by immutable tag, signed by digest, then deployed.

Member isolation

Each approved member receives an isolated Harbor project, quota, retention policy, and audit trail.

Supply-chain signals

Cosign signatures, vulnerability scans, and SBOM availability are visible product-level signals.

Ops events

Registry events flow into a separate receiver before notifications, automation, or incident handling.

Registry Live Case

Anonymous public snapshot generated from private Harbor and registry operations. Names are HMAC-hashed before publishing.

Projects: Anonymous project spaces
Repositories: OCI repositories tracked
Artifacts: Published image artifacts
Quota used: Aggregate storage pressure
Scan coverage: Latest public security signal
Signature coverage: Cosign or equivalent signing
SBOM coverage: Materials visibility
Fresh artifacts: Recently refreshed images
Pulls 24h: Anonymous registry demand
Pushes 24h: Release activity
Critical findings: Public aggregate only
Supply grade: Scan + sign + SBOM

Charts: Release activity; Severity distribution (critical / high / medium / low); Supply-chain trend (scan / sign / SBOM); Project storage (anonymous project ratios); Semantic groups (product roles)

Project table columns: Anonymous project, Role, Artifacts, Quota, Health
Repository table columns: Anonymous repo, Role, Artifacts, Pulls 24h, Risk, SBOM
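
The HMAC hashing of names described for the public snapshot can be sketched as follows. This is an added example, not Re8ch's own code: the project records, the key, the choice of HMAC-SHA256, the 16-character truncation, and all function names are assumptions. It also shows why a keyed hash is used instead of a plain one, and a publish gate that checks no private name reaches the output.

```python
import hashlib
import hmac
import json

# Constructed sample records; the project names and counts are made up.
PRIVATE_PROJECTS = [
    {"name": "acme-payments", "artifacts": 12, "signed": 12, "sbom": 9},
    {"name": "acme-internal-tools", "artifacts": 5, "signed": 3, "sbom": 5},
]
SNAPSHOT_KEY = b"constructed-demo-key-keep-real-one-in-a-secret-store"

def keyed_alias(key: bytes, name: str) -> str:
    """HMAC-SHA256 alias: stable per name, unguessable without the key."""
    mac = hmac.new(key, name.encode("utf-8"), hashlib.sha256).hexdigest()
    return "project-" + mac[:16]  # truncation length is an assumption

def unkeyed_alias(name: str) -> str:
    """Plain SHA-256, shown only for comparison: anyone can recompute it."""
    return "project-" + hashlib.sha256(name.encode("utf-8")).hexdigest()[:16]

def ratio(part: int, total: int) -> float:
    return round(part / total, 2) if total else 0.0

def build_public_snapshot(key: bytes, projects: list) -> list:
    rows = [
        {
            "project": keyed_alias(key, p["name"]),
            "artifacts": p["artifacts"],
            "signature_coverage": ratio(p["signed"], p["artifacts"]),
            "sbom_coverage": ratio(p["sbom"], p["artifacts"]),
        }
        for p in projects
    ]
    # Sort by alias so row order does not mirror the private ordering.
    return sorted(rows, key=lambda r: r["project"])

def leaked_names(snapshot: list, projects: list) -> list:
    """Publish gate: private names found anywhere in the serialized output."""
    blob = json.dumps(snapshot).lower()
    return [p["name"] for p in projects if p["name"].lower() in blob]

def recoverable_names(published: set, guesses: list, alias_fn) -> list:
    """Names an outsider could confirm by hashing guesses with alias_fn."""
    return [g for g in guesses if alias_fn(g) in published]

if __name__ == "__main__":
    snapshot = build_public_snapshot(SNAPSHOT_KEY, PRIVATE_PROJECTS)
    assert leaked_names(snapshot, PRIVATE_PROJECTS) == []
    print(json.dumps(snapshot, indent=2))
```

Because the alias is deterministic per key, rotating the key changes every published alias, so trends across snapshots only line up while the key stays the same.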

Membership onboarding

1. Submit email, namespace, use case, public/private preference, and storage estimate.
2. Ops reviews the request and creates a Harbor project with default security metadata.
3. The member receives documented pull access first; push access is granted when the release contract is clear.
4. Runtime tenants can later be upgraded into the full SaaS infrastructure bundle.

Guardrails for registry.re8ch.com

1. Do not proxy Docker layer blobs through the product page.
2. Do not expose private project names, robot credentials, or cluster node names.
3. Do not mix public registry members with SaaS runtime namespaces by default.
4. Do keep Harbor as the source of truth for OCI operations.

OCI path stays boring

The happy path remains the standard container workflow:

docker login registry.re8ch.com
docker pull registry.re8ch.com/functions-shared/alpine:3.23.4
cosign verify --key cosign.pub registry.re8ch.com/<project>/<repo>@sha256:<digest>