RE8CH REGISTRY

Re8ch Registry

Re8ch 제품과 멤버를 위한 서명된 컨테이너 배포.

image.re8ch.com의 독립 제품 페이지입니다. Harbor는 OCI 트래픽의 기준으로 유지되고, 이 페이지는 멤버십, 서명, SBOM, 스캔, tenant-safe release를 설명합니다.

Built from the cloud-functions registry plan Membership applications, project-per-member isolation, prebuilt image deployment, Cosign enforcement, scan events, SBOMs, and an independent ops webhook receiver.

The product page does not sit in the image path.

Docker, containerd, Cosign, Trivy, Kubernetes, and Harbor APIs keep using their normal endpoints. The Worker only answers the product microsite route.

image.re8ch.comPublic product page

image.re8ch.com/assets/*Static site assets

registry.re8ch.com/v2/*Not handled by this Worker

registry.re8ch.com/service/*Harbor token service remains untouched

What the Registry product promises

▣

Prebuilt releases

Images are built outside production nodes, pushed by immutable tag, signed by digest, then deployed.

◈

Member isolation

Each approved member receives an isolated Harbor project, quota, retention policy, and audit trail.

◉

Supply-chain signals

Cosign signatures, vulnerability scans, and SBOM availability are visible product-level signals.

◎

Ops events

Registry events flow into a separate receiver before notifications, automation, or incident handling.

Registry Live Case

Anonymous public snapshot generated from private Harbor and registry operations. Names are HMAC-hashed before publishing.

Projects--Anonymous project spaces

Repositories--OCI repositories tracked

Artifacts--Published image artifacts

Quota used--Aggregate storage pressure

Scan coverage--Latest public security signal

Signature coverage--Cosign or equivalent signing

SBOM coverage--Materials visibility

Fresh artifacts--Recently refreshed images

Pulls 24h--Anonymous registry demand

Pushes 24h--Release activity

Critical findings--Public aggregate only

Supply grade--Scan + sign + SBOM

Release activityLoading snapshot...

Severity distributioncritical / high / medium / low

Supply-chain trendscan / sign / SBOM

Project storageanonymous project ratios

Semantic groupsproduct roles

Anonymous projectRoleArtifactsQuotaHealth

Loading latest public snapshot...

Anonymous repoRoleArtifactsPulls 24hRiskSBOM

Membership onboarding

1Submit email, namespace, use case, public/private preference, and storage estimate.

2Ops reviews the request and creates a Harbor project with default security metadata.

3The member receives documented pull access first; push access is granted when the release contract is clear.

4Runtime tenants can later be upgraded into the full SaaS infrastructure bundle.

Guardrails for registry.re8ch.com

1Do not proxy Docker layer blobs through the product page.

2Do not expose private project names, robot credentials, or cluster node names.

3Do not mix public registry members with SaaS runtime namespaces by default.

4Do keep Harbor as the source of truth for OCI operations.

OCI path stays boring

The happy path remains the standard container workflow:

docker login registry.re8ch.com
docker pull registry.re8ch.com/functions-shared/alpine:3.23.4
cosign verify --key cosign.pub registry.re8ch.com/<project>/<repo>@sha256:<digest>