Release notes for Container Registry
What's new in IBM Cloud® Container Registry and Vulnerability Advisor. The changes are grouped by date.
26 June 2024
- Firewall changes from 4 September 2024 for users that pull IBM Cloud Container Registry images from global (
icr.io
) -
To ensure continued worldwide performance for global registry (
icr.io
) in IBM Cloud® Container Registry, a content delivery network (CDN) is being enabled that means that you might have to adjust your firewall settings. If you need to adjust your firewall settings, you must adjust them by 4 September 2024.For more information, see Important firewall changes from 4 September 2024 for users that pull IBM Cloud Container Registry images from global (
icr.io
).
15 March 2024
- New region in Madrid
- A new region in Madrid, Spain is available. The new region is
eu-es
and the domain name ises.icr.io
. For more information, see Local regions.
13 November 2023
- Discontinuation of Vulnerability Advisor version 3
-
Vulnerability Advisor version 3 is discontinued.
For more information about how to update to Vulnerability Advisor version 4, see Vulnerability Advisor version 3 is being discontinued on 13 November 2023.
11 October 2023
- Vulnerability Advisor version 3 is discontinued from 13 November 2023
-
Vulnerability Advisor version 3 is being discontinued on 13 November 2023. If you have version 3 set as the default, you must update to Vulnerability Advisor version 4 by 13 November 2023. If you are already using version 4, no action is required.
For more information about how to update to version 4, see Vulnerability Advisor version 3 is being discontinued on 13 November 2023.
24 July 2023
- Added the option to output several IBM Cloud Container Registry commands in JSON format
-
The following IBM Cloud Container Registry commands now have an output option for JSON format:
ibmcloud cr exemption-add
ibmcloud cr exemption-list
ibmcloud cr exemption-types
ibmcloud cr image-list
ibmcloud cr namespace-list
ibmcloud cr plan
ibmcloud cr quota
ibmcloud cr retention-policy-list
For more information about the IBM Cloud Container Registry commands, see IBM Cloud Container Registry CLI
- The
--json
option for IBM Cloud Container Registry commands is deprecated -
The
--json
option is replaced with the--output json
option in the following commands:ibmcloud cr image-digests
ibmcloud cr image-prune-untagged
ibmcloud cr image-retention-run
ibmcloud cr trash-list
For more information about the IBM Cloud Container Registry commands, see IBM Cloud Container Registry CLI
19 June 2023
- Vulnerability Advisor version 3 is deprecated from 19 June 2023
- For more information about how to update to version 4, see Update Vulnerability Advisor to version 4 by 19 June 2023.
19 May 2023
- Update Vulnerability Advisor to version 4 by 19 June 2023
-
The Vulnerability Advisor component of IBM Cloud® Container Registry is being updated.
Vulnerability Advisor version 3 is being deprecated as the default on 19 June 2023. From 19 June 2023, the default will be Vulnerability Advisor version 4. If you have version 3 set as the default, you can continue to use version 3 until the end of support date. An end of support date is not available yet.
For more information, see Update Vulnerability Advisor to version 4 by 19 June 2023.
26 April 2023
- Using Portieris to block the deployment of images with issues is deprecated.
- The use of Portieris to block the deployment of images with issues that are found by Vulnerability Advisor is deprecated.
11 November 2022
- Change to virtual private endpoints
-
Virtual private endpoints are changing.
On 11 November 2022, virtual private endpoints (VPEs) for IBM Cloud Container Registry are being updated and the existing VPE version is being deprecated on 15 December 2022. If you use Container Registry VPE gateways, you must create new VPE gateways and remove your VPE gateways that were created before 11 November 2022 at the earliest opportunity so that you pick up these changes. VPE gateways that were created before 11 November 2022 are deprecated and will not work after 15 December 2022.
If you create a new Container Registry VPE gateway after 11 November 2022 and also use Cloud Identity and Access Management (IAM) restricted IP address lists, you must ensure that your restricted IP address list contains the Cloud Service Endpoint (CSE) source IP addresses of the VPCs in which your Container Registry VPE gateways exist. This requirement is related to a previous change to how Container Registry works over the private network that the new VPE version also uses, see Container Registry private IP addresses changed on 5 July 2022.
For more information, see Changes to Container Registry VPE gateways from 11 November 2022.
2 November 2022
- Changes to private IP addresses from 15 December 2022
-
The IBM Cloud Container Registry private IP addresses that were replaced on 5 July 2022 are being decommissioned on 15 December 2022.
IP addresses for accessing Container Registry over the private network changed on 5 July 2022, see Container Registry private IP addresses changed on 5 July 2022. You continue to be able to use these old IP addresses, but they are due to be decommissioned on 15 December 2022. After this date, you will not be able to access Container Registry by using these IP addresses.
For more information, see Changes to private IP addresses from 15 December 2022.
15 September 2022
- Container Registry plug-in 1.0.0 is available
-
A new version, version 1.0.0, of the Container Registry CLI plug-in is available. To update the version of your Container Registry CLI plug-in, see Updating the
container-registry
CLI plug-in.Version 1.0.0 includes Vulnerability Advisor 4.
In version 1.0.0, the
ibmcloud cr image-list
andibmcloud cr image-digests
commands no longer include security status by default. To include security status, you can either add the--va
option to the command, or use theibmcloud cr va
command to query the security status for an individual image.For more information, see Container Registry CLI stops returning security status results in lists by default from version 1.0.0.
- All releases of Container Registry plug-in 0.1 are deprecated
-
All releases of version 0.1 of the Container Registry CLI plug-in are deprecated. You can continue to use releases of version 0.1, but version 1.0.0 is available for you to use. Version 0.1 will continue to be updated with any required updates until 15 September 2023. To update the version of your CLI plug-in, see Updating the
container-registry
CLI plug-in. - Vulnerability Advisor 4 is available from Container Registry plug-in 1.0.0
-
From Container Registry plug-in 1.0.0, you can choose whether to use Vulnerability Advisor version 3 or version 4 to run your commands. Vulnerability Advisor 4 is available from version 1.0.0 of the Container Registry plug-in. Vulnerability Advisor 3 is the default.
If you want to continue to use version 3, you don't need to do anything.
If you want to use version 4 to run the
ibmcloud cr va
,ibmcloud cr image-list
, oribmcloud cr image-digests
commands, see Setting the version of Vulnerability Advisor.For more information about Vulnerability Advisor, see About Vulnerability Advisor. For more information about Vulnerability Advisor API 4, see Vulnerability Advisor 4 for IBM Cloud Container Registry.
- New commands for setting and checking the Vulnerability Advisor version are available from Container Registry plug-in 1.0.0
-
From Container Registry plug-in 1.0.0, you can use new commands to check and set Vulnerability Advisor versions.
If you want to continue to use version 3, you don't need to do anything.
If you want to use version 4, you can set the version by running the
ibmcloud cr va-version-set
command.For more information about setting the version by using the
ibmcloud cr va-version-set
command, seeibmcloud cr va-version-set
and Setting the version of Vulnerability Advisor.To find out which version of Vulnerability Advisor that you're running, see
ibmcloud cr va-version
.
3 August 2022
- The CLI stops returning security status results in lists by default from version 1.0.0
-
From IBM Cloud Container Registry CLI plug-in version 1.0.0, when you use the
ibmcloud cr image-list
andibmcloud cr image-digests
commands to list images, they return Vulnerability Advisor security status results only if you use the--va
option.If you want to continue to receive security status with your lists, prepare to upgrade by adding the new
--va
option to your commands.For more information, see Container Registry CLI stops returning security status results in lists by default from version 1.0.0.
8 July 2022
- Context-based restrictions
-
You can use context-based restrictions to define and enforce access restrictions for IBM Cloud resources based on the network location of access requests.
For more information, see Protecting Container Registry resources with context-based restrictions.
5 July 2022
- Change to Container Registry private IP addresses in all regions
-
If you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you are connecting to Container Registry over the private network, your lists of allowed IP addresses must now include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees also changed. This change also affects you if you have allowlists or a firewall rule.
For more information, see Container Registry private IP addresses changed on 5 July 2022 and Using IAM IP address access restrictions.
- All accounts require IAM access policies
-
To access IBM Cloud Container Registry, you must be using Cloud Identity and Access Management (IAM) access policies. You must ensure that you are using IAM access policies to manage access to the Container Registry service.
Policy-free authorization is discontinued in the following Container Registry regions:
us-south (us.icr.io)
uk-south (uk.icr.io)
eu-central (de.icr.io)
ap-south (au.icr.io)
ap-north (jp.icr.io)
Other regions are unaffected because they already require IAM access policies for all accounts.
For more information, see IAM access policies are required from 5 July 2022 and Defining IAM access policies.
23 June 2022
- Change to Container Registry private IP addresses in the following regions only:
br-sao
,ca-tor
-
If you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you're connecting to Container Registry over the private network in the
br-sao
andca-tor
regions, your lists of allowed IP addresses must now include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees also changed. This change also affects you if you have allowlists or a firewall rule. Other regions are not affected yet.For more information, see Container Registry private IP addresses changed on 5 July 2022 and Using IAM IP address access restrictions.
20 April 2022
- Container Registry private IP addresses are changing from 23 June 2022
-
By 23 June 2022, if you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you're connecting to Container Registry over the private network, you must update your lists of allowed IP addresses to include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees are also changing, which might require updates to your firewall configuration.
For more information, see Container Registry private IP addresses changed on 5 July 2022.
1 March 2022
- Amendment to the minimum supported Docker version for Container Registry
- From 1 March 2022, the minimum version of Docker Engine that is supported by Container Registry is v17.07, or later.
9 February 2022
- All accounts will require IAM access policies from 5 July 2022
-
From 5 July 2022, to access IBM Cloud Container Registry, you must be using Cloud Identity and Access Management (IAM) access policies. If you started to use Container Registry before the availability of IAM API key policies in Container Registry in February 2019, you must now ensure that you're using IAM access policies to manage access to the Container Registry service.
Policy-free authorization will be discontinued in the following Container Registry regions:
us-south (us.icr.io)
uk-south (uk.icr.io)
eu-central (de.icr.io)
ap-south (au.icr.io)
ap-north (jp.icr.io)
Other regions are unaffected because they already require IAM access policies for all accounts.
For more information, see IAM access policies are required from 5 July 2022 and Defining IAM access policies.
2 February 2022
- Replication of exemption policies between IBM regions is discontinued
-
From 2 February 2022, all regions require separate exemption policy management. Exemption policies are used to exclude any matching vulnerabilities or configuration issues from Vulnerability Advisor reports. You can set an exemption policy by running the
ibmcloud cr exemption-add
command, see Setting organizational exemption policies.For more information, see IBM Cloud Container Registry Is Ending Exemption Synchronization Across Regions.
1 February 2022
- Storage that is used by untagged images is being charged for
-
From 1 February 2022, IBM Cloud Container Registry is charging for the storage that is used by untagged images. To reduce the amount that you're charged, you can clean up your namespaces by deleting untagged images. You can also free up used storage and change service plans or quota limits to stay within given quota limits.
For more information, see Starting 1 February 2022, IBM Cloud Container Registry will be billing for the storage that is used by untagged images.
17 January 2022
- View IBM Cloud Activity Tracker events for Red Hat signing
-
You can view Activity Tracker events for Red Hat Signing operations.
For more information, see Auditing events for Container Registry.
7 December 2021
- Define configuration rules for Container Registry
-
As a security or compliance focal, you can use the Govern resources section of the Security and Compliance Center dashboard to define configuration rulesA JSON document that defines the configuration of resources and validates the compliance based on security requirements when a resource is created or modified. for Container Registry.
For more information, see Managing security and compliance for Container Registry.
1 November 2021
- Using Notary v1 for signing images is discontinued
-
The Notary v1 service that supports Docker Content Trust and
docker trust
commands in Container Registry is discontinued from 1 November 2021.Container Registry supports the Red Hat Signing model. For more information, see Signing images for trusted content by using Red Hat signatures.
5 October 2021
- Container Registry container builds are discontinued
-
The
ibmcloud cr build
command is discontinued from 5 October 2021. You can use Tekton pipelines instead.For more information, see IBM Cloud Container Registry is Deprecating Container Builds or Container Registry is deprecating container builds - act by 6 September 2021.
2 September 2021
- Namespaces that are assigned to a resource group show in the Resource list page
- Namespaces that are assigned to a resource group show in the Resource list page of the IBM Cloud console. For more information, see Planning namespaces.
30 August 2021
- New region in Brazil
- A new region in Sao Paulo, Brazil is available. The new region is
br-sao
and the domain name isbr.icr.io
. For more information, see Local regions.
19 August 2021
- Using registry tokens is discontinued
- From 19 August 2021, registry tokens are no longer accepted for authentication. For more information, see IBM Cloud Container Registry Deprecates Registry Tokens for Authentication.
9 August 2021
- The
ibmcloud cr login
command logs you into the<region>.icr.io
registry domain only - From version 0.1.541 of the Container Registry CLI, the
ibmcloud cr login
command logs you in to the<region>.icr.io
registry domain only, where<region>
is your region. If you want to log in to the deprecated domain,registry.<region>.bluemix.net
, usedocker login
, see Authentication.
8 July 2021
- Using Notary v1 for signing images is deprecated
-
The Notary v1 service for signing images is deprecated. It is being removed from Container Registry on 31 August 2021.
As an alternative approach, Container Registry supports the Red Hat Signing model. For more information, see Signing images for trusted content by using Red Hat signatures.
21 June 2021
- Global registry
- The global registry (
icr.io
) is now available for hosting user images and namespaces. Previously the global registry hosted only public images that are provided by IBM. For more information, see Global registry.
10 May 2021
- New region in Canada
- A new region in Toronto, Canada is available. The new region is
ca-tor
and the domain name isca.icr.io
. For more information, see Local regions.
4 May 2021
- The
ibmcloud cr ppa-archive-load
command is discontinued - The
ibmcloud cr ppa-archive-load
command is discontinued. Containerized software is distributed in IBM Cloud Paks, see IBM Cloud Paks. To run IBM Cloud Paks on Red Hat OpenShift on IBM Cloud, see Adding Cloud Paks. For more information about setting up your IBM Cloud Kubernetes Service cluster to pull entitled software, see Setting up a cluster to pull entitled software.
18 February 2021
- Increase the performance of the
ibmcloud cr image-list
andibmcloud cr image-digests
commands by using the--no-va
option - If you don't need the security status (Vulnerability Advisor) results as part of the output of the
ibmcloud cr image-list
oribmcloud cr image-digests
commands, you can use the--no-va
option to increase performance.
15 February 2021
- New region in Japan
- A new region in Japan is available. The new region is
jp-osa
and the domain name isjp2.icr.io
. For more information, see Local regions.
19 November 2020
- You can use Portieris to enforce container image security
-
With effect from 19 November 2020, Container Image Security Enforcement is deprecated. To enforce container image security, you can use Portieris. You can use Portieris to control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.
For more information, see Enforcing container image security by using Portieris.
21 October 2020
- Find out about the usage on your account by using platform metrics
-
You can use the
ibmcloud cr platform-metrics
command to enable and disable platform metrics, and to find out whether you have platform metrics set up on your account.For more information, see Monitoring metrics for IBM Cloud Container Registry.
6 October 2020
- Container Registry container builds are deprecated
-
The
ibmcloud cr build
command, which builds an image in IBM Cloud and pushes it to Container Registry, is deprecated from 6 October 2020. You can use Tekton pipelines instead.For more information, see IBM Cloud Container Registry is Deprecating Container Builds.
27 August 2020
- Setting exemption policies by digest
-
When you want to set up an exemption policy, you can set the scope by namespace, repository, digest, or tag. You can set an exemption policy by running the
ibmcloud cr exemption-add
command.For more information, see Setting organizational exemption policies.
12 August 2020
- Using UAA tokens is discontinued
-
From 12 August 2020, UAA tokens are no longer accepted for authentication. At the moment, registry tokens continue to be accepted, but their use is deprecated.
For more information, see Announcing End of IBM Cloud Container Registry Support for UAA Tokens.
30 July 2020
- New access roles are required for Vulnerability Advisor exemption policies
-
If you want to manage your Vulnerability Advisor exemption policies for security issues, depending on the task that you want to complete, you might have to update your access role.
For more information, see Access roles for configuring Container Registry.
29 July 2020
- You can set permissions so that access to resources within a namespace can be configured at the resource group level
-
Namespaces are created in resource groups so that access to resources within a namespace can be configured at the resource group level. If a namespace isn't already in a resource group, you can assign the namespace to a resource group.
-
Namespaces created in version 0.1.485 of the Container Registry CLI or later, or in the IBM Cloud console on or after 29 July 2020, are created in a resource group that you specify so that you can configure access to resources within the namespace at the resource group level. However, you can still set permissions for the namespace at the account level or in the namespace itself. For more information, see Set up a namespace and
ibmcloud cr namespace-add
. -
Namespaces created in version 0.1.484 of the Container Registry CLI or earlier, or in the IBM Cloud console before 29 July 2020 aren't assigned to resource groups. You can assign an existing namespace to a resource group so that you can configure access to resources within a namespace at the resource group level. For more information, see Assigning existing namespaces to resource groups and
ibmcloud cr namespace-assign
. -
You can find out which namespaces are assigned to resource groups and which are unassigned by running the
ibmcloud cr namespace-list
command with the-v
option.
-
13 July 2020
- To work with namespaces, you must have the Manager role at the account level
- If you want to add or remove namespaces, you must have the Manager role, see Access roles for configuring Container Registry.
24 June 2020
-
When you want to restore an image, you can restore either by tag or by digest. Restoring by digest restores the digest and all its tags in the repository that aren't already in the live repository. You can restore an image by running the
ibmcloud cr image-restore
command.For more information, see Restoring images.
18 May 2020
- Retaining untagged images is now an option when you clean up your namespaces
-
Retention policies now include untagged images by default when they calculate what to retain. You can use the
retain-untagged
option for theibmcloud cr retention-policy-set
andibmcloud cr retention-run
commands to keep all untagged images and delete only tagged images. You can view the value ofretain-untagged
for each retention policy by running theibmcloud cr retention-policy-list
command.For more information, see Cleaning up your namespaces.
30 April 2020
ibmcloud cr image-prune-untagged
command is available-
The
ibmcloud cr image-prune-untagged
command deletes all untagged images in your Container Registry account.For more information, see
ibmcloud cr image-prune-untagged
and Clean up your namespaces by deleting untagged images.
16 April 2020
- You can use private network connections to securely route your data in Container Registry
-
If you use cloud-based services for production workloads, you can use a secure private connection so that you can ensure that you adhere to any compliance regulations. You can use IBM Cloud service endpoints to connect to IBM Cloud services over the private IBM Cloud network.
For more information, see Securing your connection to Container Registry and IBM Cloud Container Registry architecture and workload.
ibmcloud cr private-only
command is available-
You can use the
ibmcloud cr private-only
command to prevent image pulls or pushes over public network connections for your account.For more information, see
ibmcloud cr private-only
.
3 February 2020
- Using Container Registry tokens is deprecated
-
The use of UAA and Container Registry tokens is deprecated. From 12 August 2020, UAA tokens are not accepted for authentication.
For more information, see Announcing End of IBM Cloud Container Registry Support for UAA Tokens.
31 January 2020
ibmcloud cr image-digests
command is available-
The
ibmcloud cr image-digests
command displays all images in your account, including untagged images.For more information, see
ibmcloud cr image-digests
.
4 December 2019
- Support for Red Hat signatures is available
-
Container Registry now supports Red Hat signatures.
For more information, see Signing images for trusted content by using Red Hat® signatures.
25 October 2019
- IBM Log Analysis platform services logs are available
- Container Registry generates platform services logs that are displayed in your logging instances.
14 October 2019
ibmcloud cr manifest-inspect
command is available-
The
ibmcloud cr manifest-inspect
command displays the contents of the manifest for an image.For more information, see
ibmcloud cr manifest-inspect
.
23 September 2019
- You can create retention policies for your images
-
Image retention policies retain the specified number of images for each repository within a namespace in Container Registry. All other images in the namespace are deleted.
The following commands are available for you to use to create retention policies so that you can manage your images:
- The
ibmcloud cr retention-policy-set
command sets up a policy for retaining images for each repository within a namespace. - The
ibmcloud cr retention-policy-list
command lists the image retention policies for your account.
For more information, see Retaining images.
- The
- You can restore deleted images from the trash
-
All deleted images are stored in the trash for 30 days.
The following commands are available for you to use to restore images:
- The
ibmcloud cr trash-list
command displays all images in the trash in your IBM Cloud account. Images remain in the trash for 30 days after deletion. - The
ibmcloud cr image-restore
command restores a deleted image from the trash.
For more information, see Listing images in the trash and Restoring images.
- The
1 August 2019
ibmcloud cr retention-run
command is available-
The
ibmcloud cr retention-run
command cleans up your namespaces by retaining images for each repository within a namespace in Container Registry by applying specified criteria. All other images in the namespace are deleted.For more information, see
ibmcloud cr retention-run
and Retaining images.
25 July 2019
- IBM Cloud Activity Tracker available for Container Registry
-
Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.
For more information, see Auditing events for Container Registry.
1 July 2019
ibmcloud cr token-add
command is no longer available- The
ibmcloud cr token-add
command is discontinued. You can't add registry tokens in either the CLI or the API anymore.
27 June 2019
- Container Scanner is no longer available
- The Container Scanner is discontinued. Vulnerability Advisor still scans images that are pushed to Container Registry.
13 June 2019
-
Remove a tag, or tags, from each specified image in Container Registry. To remove a specific tag from an image and leave the underlying image and any other tags in place, use the
ibmcloud cr image-untag
command. If you want to delete the underlying image, and all its tags, use theibmcloud cr image-rm
command instead.For more information, see Removing tags from images in your private repository.
13 May 2019
- End of support for Container Scanner
- Container Scanner is now discontinued and is no longer usable.
2 April 2019
- General Availability of Container Image Security Enforcement
- Use Container Image Security Enforcement to verify your container images before you deploy them to your cluster in IBM Cloud Kubernetes Service. You can control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.
14 March 2019
- IBM Cloud Activity Tracker available for Container Registry
-
Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.
For more information, see Auditing events for Container Registry.
25 February 2019
- New domain names
-
Container Registry is adopting new domain names. The new domain names are available in the IBM Cloud console and the CLI. You can use the new
icr.io
domain names now. The existingregistry.bluemix.net
domain names are deprecated, but you can continue to use them until the end of support date. An end of support date is not available yet.For more information, see Regions and Introducing New IBM Cloud Container Registry Domain Names.
Signatures apply to the whole image name, which includes the domain name. If you're using content trust, you must add new signatures so that you can use content trust under the new domain name.
For more information about signing images, see Signing images for trusted content.
- Adding IAM API key policies to control access to resources
-
The new cluster image pull secrets for the
icr.io
domains are authorized by using an Cloud Identity and Access Management (IAM) API key. Therefore, if you want more control over access to your Container Registry resources, you can add IAM access policies. For example, you can change the API key policies in the cluster's pull secret so that images are pulled from a certain registry region or namespace only.For more information, see Understanding how to authorize your cluster to pull images from a registry.
- New region in ap-north
-
A new region is available in
ap-north
. You can use the new region by using the domain namejp.icr.io
.For more information, see Regions.
21 February 2019
- Automating access to your namespaces
-
Using tokens to automate pushing and pulling Docker images to and from your namespaces is deprecated. You must now use API keys to automate access to your Container Registry namespaces so that you can push and pull images.
For more information, see Creating a user API key manually.
8 January 2019
- End of support for Vulnerability Advisor API version 2
- Vulnerability Advisor’s API version 2 is deprecated and is no longer usable. Use version 3 of the API, see Vulnerability Advisor for IBM Cloud Container Registry.
4 October 2018
- Managing user access
-
Use IBM Cloud Identity and Access Management (IAM) to control access by users in your account to Container Registry. When IAM access policies are enabled for your account in Container Registry, every user that accesses the service in your account must be assigned an IAM access policyA method for granting users, service IDs, and access groups access to account resources. An access policy includes a subject, target, and role. with an IAM user role defined. That policy determines the role that the user has within the context of the service, and what actions the user can perform.
For more information, see Managing IAM access with Cloud Identity and Access Management, Defining IAM access policies, and Granting access to Container Registry resources tutorial.
7 August 2018
- Exemption policies available in Vulnerability Advisor
-
If you want to manage the security of an IBM Cloud organization, you can use your policy setting to determine whether an issue is exempt or not. You can use Portieris to ensure that deployment is allowed only from images that contain no security issues after accounting for any issues that are exempted by your policy.
For more information, see Setting organizational exemption policies.
25 July 2018
- IBM Cloud Activity Tracker available for Vulnerability Advisor
-
Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.
For more information, see Auditing events for Container Registry.
12 July 2018
- Vulnerability Advisor API version 3
-
Version 3 of the API changes the behavior of the API endpoints that are used to list exemptions. You must check that your use of the API does not rely on the behavior of version 2.
For more information, see Vulnerability Advisor for IBM Cloud Container Registry.
31 May 2018
- Use Helm for Passport Advantage images
- Import IBM software that is downloaded from IBM Passport Advantage Online for customers and packaged for use with Helm into your Container Registry namespace.
21 March 2018
- Container Scanner
- Container Scanner enables Vulnerability Advisor to report any problems that are found in running containers that are not present in the container's base image.
16 March 2018
- Container Image Security Enforcement beta
- Use Container Image Security Enforcement beta to verify your container images before you deploy them to your cluster in IBM Cloud Kubernetes Service. You can control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.
20 February 2018
- Trusted content
-
Container Registry provides trusted content technology so that you can sign images to ensure the integrity of images in your registry namespace. By pulling and pushing signed images, you can verify that your images were pushed by the correct party, such as your continuous integration (CI) tools.
For more information, see Signing images for trusted content.
6 November 2017
- Global registry
-
A global registry is available. The global registry domain name doesn't include a region (
icr.io
). Only public images that are provided by IBM are hosted in this registry.For more information, see Global registry.
29 September 2017
- Build Docker images
-
The
ibmcloud cr build
command is now available for running container builds. You can build a Docker image directly in IBM Cloud or create your own Docker image on your local computer and upload (push) it to your namespace in Container Registry.For more information, see Building Docker images to use them with your namespace.
24 August 2017
- Graphical user interface released
- The IBM Cloud Container Registry graphical user interface is available in the catalog, see Container Registry.
27 June 2017
- Introducing IBM Cloud Container Registry
-
IBM Cloud Container Registry is available as a service in IBM Cloud. Container Registry provides a multi-tenant private image registry that you can use to store and share your container images with users in your IBM Cloud account.
For more information about how to use Container Registry, see Getting started with Container Registry.