IBM Cloud Docs
Release notes for Container Registry

Release notes for Container Registry

What's new in IBM Cloud® Container Registry and Vulnerability Advisor. The changes are grouped by date.

26 June 2024

Firewall changes from 4 September 2024 for users that pull IBM Cloud Container Registry images from global (icr.io)

To ensure continued worldwide performance for global registry (icr.io) in IBM Cloud® Container Registry, a content delivery network (CDN) is being enabled that means that you might have to adjust your firewall settings. If you need to adjust your firewall settings, you must adjust them by 4 September 2024.

For more information, see Important firewall changes from 4 September 2024 for users that pull IBM Cloud Container Registry images from global (icr.io).

15 March 2024

New region in Madrid
A new region in Madrid, Spain is available. The new region is eu-es and the domain name is es.icr.io. For more information, see Local regions.

13 November 2023

Discontinuation of Vulnerability Advisor version 3

Vulnerability Advisor version 3 is discontinued.

For more information about how to update to Vulnerability Advisor version 4, see Vulnerability Advisor version 3 is being discontinued on 13 November 2023.

11 October 2023

Vulnerability Advisor version 3 is discontinued from 13 November 2023

Vulnerability Advisor version 3 is being discontinued on 13 November 2023. If you have version 3 set as the default, you must update to Vulnerability Advisor version 4 by 13 November 2023. If you are already using version 4, no action is required.

For more information about how to update to version 4, see Vulnerability Advisor version 3 is being discontinued on 13 November 2023.

24 July 2023

Added the option to output several IBM Cloud Container Registry commands in JSON format

The following IBM Cloud Container Registry commands now have an output option for JSON format:

  • ibmcloud cr exemption-add
  • ibmcloud cr exemption-list
  • ibmcloud cr exemption-types
  • ibmcloud cr image-list
  • ibmcloud cr namespace-list
  • ibmcloud cr plan
  • ibmcloud cr quota
  • ibmcloud cr retention-policy-list

For more information about the IBM Cloud Container Registry commands, see IBM Cloud Container Registry CLI

The --json option for IBM Cloud Container Registry commands is deprecated

The --json option is replaced with the --output json option in the following commands:

  • ibmcloud cr image-digests
  • ibmcloud cr image-prune-untagged
  • ibmcloud cr image-retention-run
  • ibmcloud cr trash-list

For more information about the IBM Cloud Container Registry commands, see IBM Cloud Container Registry CLI

19 June 2023

Vulnerability Advisor version 3 is deprecated from 19 June 2023
For more information about how to update to version 4, see Update Vulnerability Advisor to version 4 by 19 June 2023.

19 May 2023

Update Vulnerability Advisor to version 4 by 19 June 2023

The Vulnerability Advisor component of IBM Cloud® Container Registry is being updated.

Vulnerability Advisor version 3 is being deprecated as the default on 19 June 2023. From 19 June 2023, the default will be Vulnerability Advisor version 4. If you have version 3 set as the default, you can continue to use version 3 until the end of support date. An end of support date is not available yet.

For more information, see Update Vulnerability Advisor to version 4 by 19 June 2023.

26 April 2023

Using Portieris to block the deployment of images with issues is deprecated.
The use of Portieris to block the deployment of images with issues that are found by Vulnerability Advisor is deprecated.

11 November 2022

Change to virtual private endpoints

Virtual private endpoints are changing.

On 11 November 2022, virtual private endpoints (VPEs) for IBM Cloud Container Registry are being updated and the existing VPE version is being deprecated on 15 December 2022. If you use Container Registry VPE gateways, you must create new VPE gateways and remove your VPE gateways that were created before 11 November 2022 at the earliest opportunity so that you pick up these changes. VPE gateways that were created before 11 November 2022 are deprecated and will not work after 15 December 2022.

If you create a new Container Registry VPE gateway after 11 November 2022 and also use Cloud Identity and Access Management (IAM) restricted IP address lists, you must ensure that your restricted IP address list contains the Cloud Service Endpoint (CSE) source IP addresses of the VPCs in which your Container Registry VPE gateways exist. This requirement is related to a previous change to how Container Registry works over the private network that the new VPE version also uses, see Container Registry private IP addresses changed on 5 July 2022.

For more information, see Changes to Container Registry VPE gateways from 11 November 2022.

2 November 2022

Changes to private IP addresses from 15 December 2022

The IBM Cloud Container Registry private IP addresses that were replaced on 5 July 2022 are being decommissioned on 15 December 2022.

IP addresses for accessing Container Registry over the private network changed on 5 July 2022, see Container Registry private IP addresses changed on 5 July 2022. You continue to be able to use these old IP addresses, but they are due to be decommissioned on 15 December 2022. After this date, you will not be able to access Container Registry by using these IP addresses.

For more information, see Changes to private IP addresses from 15 December 2022.

15 September 2022

Container Registry plug-in 1.0.0 is available

A new version, version 1.0.0, of the Container Registry CLI plug-in is available. To update the version of your Container Registry CLI plug-in, see Updating the container-registry CLI plug-in.

Version 1.0.0 includes Vulnerability Advisor 4.

In version 1.0.0, the ibmcloud cr image-list and ibmcloud cr image-digests commands no longer include security status by default. To include security status, you can either add the --va option to the command, or use the ibmcloud cr va command to query the security status for an individual image.

For more information, see Container Registry CLI stops returning security status results in lists by default from version 1.0.0.

All releases of Container Registry plug-in 0.1 are deprecated

All releases of version 0.1 of the Container Registry CLI plug-in are deprecated. You can continue to use releases of version 0.1, but version 1.0.0 is available for you to use. Version 0.1 will continue to be updated with any required updates until 15 September 2023. To update the version of your CLI plug-in, see Updating the container-registry CLI plug-in.

Vulnerability Advisor 4 is available from Container Registry plug-in 1.0.0

From Container Registry plug-in 1.0.0, you can choose whether to use Vulnerability Advisor version 3 or version 4 to run your commands. Vulnerability Advisor 4 is available from version 1.0.0 of the Container Registry plug-in. Vulnerability Advisor 3 is the default.

If you want to continue to use version 3, you don't need to do anything.

If you want to use version 4 to run the ibmcloud cr va, ibmcloud cr image-list, or ibmcloud cr image-digests commands, see Setting the version of Vulnerability Advisor.

For more information about Vulnerability Advisor, see About Vulnerability Advisor. For more information about Vulnerability Advisor API 4, see Vulnerability Advisor 4 for IBM Cloud Container Registry.

New commands for setting and checking the Vulnerability Advisor version are available from Container Registry plug-in 1.0.0

From Container Registry plug-in 1.0.0, you can use new commands to check and set Vulnerability Advisor versions.

If you want to continue to use version 3, you don't need to do anything.

If you want to use version 4, you can set the version by running the ibmcloud cr va-version-set command.

For more information about setting the version by using the ibmcloud cr va-version-set command, see ibmcloud cr va-version-set and Setting the version of Vulnerability Advisor.

To find out which version of Vulnerability Advisor that you're running, see ibmcloud cr va-version.

3 August 2022

The CLI stops returning security status results in lists by default from version 1.0.0

From IBM Cloud Container Registry CLI plug-in version 1.0.0, when you use the ibmcloud cr image-list and ibmcloud cr image-digests commands to list images, they return Vulnerability Advisor security status results only if you use the --va option.

If you want to continue to receive security status with your lists, prepare to upgrade by adding the new --va option to your commands.

For more information, see Container Registry CLI stops returning security status results in lists by default from version 1.0.0.

8 July 2022

Context-based restrictions

You can use context-based restrictions to define and enforce access restrictions for IBM Cloud resources based on the network location of access requests.

For more information, see Protecting Container Registry resources with context-based restrictions.

5 July 2022

Change to Container Registry private IP addresses in all regions

If you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you are connecting to Container Registry over the private network, your lists of allowed IP addresses must now include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees also changed. This change also affects you if you have allowlists or a firewall rule.

For more information, see Container Registry private IP addresses changed on 5 July 2022 and Using IAM IP address access restrictions.

All accounts require IAM access policies

To access IBM Cloud Container Registry, you must be using Cloud Identity and Access Management (IAM) access policies. You must ensure that you are using IAM access policies to manage access to the Container Registry service.

Policy-free authorization is discontinued in the following Container Registry regions:

  • us-south (us.icr.io)
  • uk-south (uk.icr.io)
  • eu-central (de.icr.io)
  • ap-south (au.icr.io)
  • ap-north (jp.icr.io)

Other regions are unaffected because they already require IAM access policies for all accounts.

For more information, see IAM access policies are required from 5 July 2022 and Defining IAM access policies.

23 June 2022

Change to Container Registry private IP addresses in the following regions only: br-sao, ca-tor

If you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you're connecting to Container Registry over the private network in the br-sao and ca-tor regions, your lists of allowed IP addresses must now include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees also changed. This change also affects you if you have allowlists or a firewall rule. Other regions are not affected yet.

For more information, see Container Registry private IP addresses changed on 5 July 2022 and Using IAM IP address access restrictions.

20 April 2022

Container Registry private IP addresses are changing from 23 June 2022

By 23 June 2022, if you're using Cloud Identity and Access Management (IAM) restricted IP address lists and you're connecting to Container Registry over the private network, you must update your lists of allowed IP addresses to include the private subnet and IP addresses of your own hosts. The IBM Cloud Container Registry private IP addressees are also changing, which might require updates to your firewall configuration.

For more information, see Container Registry private IP addresses changed on 5 July 2022.

1 March 2022

Amendment to the minimum supported Docker version for Container Registry
From 1 March 2022, the minimum version of Docker Engine that is supported by Container Registry is v17.07, or later.

9 February 2022

All accounts will require IAM access policies from 5 July 2022

From 5 July 2022, to access IBM Cloud Container Registry, you must be using Cloud Identity and Access Management (IAM) access policies. If you started to use Container Registry before the availability of IAM API key policies in Container Registry in February 2019, you must now ensure that you're using IAM access policies to manage access to the Container Registry service.

Policy-free authorization will be discontinued in the following Container Registry regions:

  • us-south (us.icr.io)
  • uk-south (uk.icr.io)
  • eu-central (de.icr.io)
  • ap-south (au.icr.io)
  • ap-north (jp.icr.io)

Other regions are unaffected because they already require IAM access policies for all accounts.

For more information, see IAM access policies are required from 5 July 2022 and Defining IAM access policies.

2 February 2022

Replication of exemption policies between IBM regions is discontinued

From 2 February 2022, all regions require separate exemption policy management. Exemption policies are used to exclude any matching vulnerabilities or configuration issues from Vulnerability Advisor reports. You can set an exemption policy by running the ibmcloud cr exemption-add command, see Setting organizational exemption policies.

For more information, see IBM Cloud Container Registry Is Ending Exemption Synchronization Across Regions.

1 February 2022

Storage that is used by untagged images is being charged for

From 1 February 2022, IBM Cloud Container Registry is charging for the storage that is used by untagged images. To reduce the amount that you're charged, you can clean up your namespaces by deleting untagged images. You can also free up used storage and change service plans or quota limits to stay within given quota limits.

For more information, see Starting 1 February 2022, IBM Cloud Container Registry will be billing for the storage that is used by untagged images.

17 January 2022

View IBM Cloud Activity Tracker events for Red Hat signing

You can view Activity Tracker events for Red Hat Signing operations.

For more information, see Auditing events for Container Registry.

7 December 2021

Define configuration rules for Container Registry

As a security or compliance focal, you can use the Govern resources section of the Security and Compliance Center dashboard to define configuration rulesA JSON document that defines the configuration of resources and validates the compliance based on security requirements when a resource is created or modified. for Container Registry.

For more information, see Managing security and compliance for Container Registry.

1 November 2021

Using Notary v1 for signing images is discontinued

The Notary v1 service that supports Docker Content Trust and docker trust commands in Container Registry is discontinued from 1 November 2021.

Container Registry supports the Red Hat Signing model. For more information, see Signing images for trusted content by using Red Hat signatures.

5 October 2021

Container Registry container builds are discontinued

The ibmcloud cr build command is discontinued from 5 October 2021. You can use Tekton pipelines instead.

For more information, see IBM Cloud Container Registry is Deprecating Container Builds or Container Registry is deprecating container builds - act by 6 September 2021.

2 September 2021

Namespaces that are assigned to a resource group show in the Resource list page
Namespaces that are assigned to a resource group show in the Resource list page of the IBM Cloud console. For more information, see Planning namespaces.

30 August 2021

New region in Brazil
A new region in Sao Paulo, Brazil is available. The new region is br-sao and the domain name is br.icr.io. For more information, see Local regions.

19 August 2021

Using registry tokens is discontinued
From 19 August 2021, registry tokens are no longer accepted for authentication. For more information, see IBM Cloud Container Registry Deprecates Registry Tokens for Authentication.

9 August 2021

The ibmcloud cr login command logs you into the <region>.icr.io registry domain only
From version 0.1.541 of the Container Registry CLI, the ibmcloud cr login command logs you in to the <region>.icr.io registry domain only, where <region> is your region. If you want to log in to the deprecated domain, registry.<region>.bluemix.net, use docker login, see Authentication.

8 July 2021

Using Notary v1 for signing images is deprecated

The Notary v1 service for signing images is deprecated. It is being removed from Container Registry on 31 August 2021.

As an alternative approach, Container Registry supports the Red Hat Signing model. For more information, see Signing images for trusted content by using Red Hat signatures.

21 June 2021

Global registry
The global registry (icr.io) is now available for hosting user images and namespaces. Previously the global registry hosted only public images that are provided by IBM. For more information, see Global registry.

10 May 2021

New region in Canada
A new region in Toronto, Canada is available. The new region is ca-tor and the domain name is ca.icr.io. For more information, see Local regions.

4 May 2021

The ibmcloud cr ppa-archive-load command is discontinued
The ibmcloud cr ppa-archive-load command is discontinued. Containerized software is distributed in IBM Cloud Paks, see IBM Cloud Paks. To run IBM Cloud Paks on Red Hat OpenShift on IBM Cloud, see Adding Cloud Paks. For more information about setting up your IBM Cloud Kubernetes Service cluster to pull entitled software, see Setting up a cluster to pull entitled software.

18 February 2021

Increase the performance of the ibmcloud cr image-list and ibmcloud cr image-digests commands by using the --no-va option
If you don't need the security status (Vulnerability Advisor) results as part of the output of the ibmcloud cr image-list or ibmcloud cr image-digests commands, you can use the --no-va option to increase performance.

15 February 2021

New region in Japan
A new region in Japan is available. The new region is jp-osa and the domain name is jp2.icr.io. For more information, see Local regions.

19 November 2020

You can use Portieris to enforce container image security

With effect from 19 November 2020, Container Image Security Enforcement is deprecated. To enforce container image security, you can use Portieris. You can use Portieris to control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.

For more information, see Enforcing container image security by using Portieris.

21 October 2020

Find out about the usage on your account by using platform metrics

You can use the ibmcloud cr platform-metrics command to enable and disable platform metrics, and to find out whether you have platform metrics set up on your account.

For more information, see Monitoring metrics for IBM Cloud Container Registry.

6 October 2020

Container Registry container builds are deprecated

The ibmcloud cr build command, which builds an image in IBM Cloud and pushes it to Container Registry, is deprecated from 6 October 2020. You can use Tekton pipelines instead.

For more information, see IBM Cloud Container Registry is Deprecating Container Builds.

27 August 2020

Setting exemption policies by digest

When you want to set up an exemption policy, you can set the scope by namespace, repository, digest, or tag. You can set an exemption policy by running the ibmcloud cr exemption-add command.

For more information, see Setting organizational exemption policies.

12 August 2020

Using UAA tokens is discontinued

From 12 August 2020, UAA tokens are no longer accepted for authentication. At the moment, registry tokens continue to be accepted, but their use is deprecated.

For more information, see Announcing End of IBM Cloud Container Registry Support for UAA Tokens.

30 July 2020

New access roles are required for Vulnerability Advisor exemption policies

If you want to manage your Vulnerability Advisor exemption policies for security issues, depending on the task that you want to complete, you might have to update your access role.

For more information, see Access roles for configuring Container Registry.

29 July 2020

You can set permissions so that access to resources within a namespace can be configured at the resource group level

Namespaces are created in resource groups so that access to resources within a namespace can be configured at the resource group level. If a namespace isn't already in a resource group, you can assign the namespace to a resource group.

  • Namespaces created in version 0.1.485 of the Container Registry CLI or later, or in the IBM Cloud console on or after 29 July 2020, are created in a resource group that you specify so that you can configure access to resources within the namespace at the resource group level. However, you can still set permissions for the namespace at the account level or in the namespace itself. For more information, see Set up a namespace and ibmcloud cr namespace-add.

  • Namespaces created in version 0.1.484 of the Container Registry CLI or earlier, or in the IBM Cloud console before 29 July 2020 aren't assigned to resource groups. You can assign an existing namespace to a resource group so that you can configure access to resources within a namespace at the resource group level. For more information, see Assigning existing namespaces to resource groups and ibmcloud cr namespace-assign.

  • You can find out which namespaces are assigned to resource groups and which are unassigned by running the ibmcloud cr namespace-list command with the -v option.

13 July 2020

To work with namespaces, you must have the Manager role at the account level
If you want to add or remove namespaces, you must have the Manager role, see Access roles for configuring Container Registry.

24 June 2020

Restoring all tags for a digest in a repository is now an option

When you want to restore an image, you can restore either by tag or by digest. Restoring by digest restores the digest and all its tags in the repository that aren't already in the live repository. You can restore an image by running the ibmcloud cr image-restore command.

For more information, see Restoring images.

18 May 2020

Retaining untagged images is now an option when you clean up your namespaces

Retention policies now include untagged images by default when they calculate what to retain. You can use the retain-untagged option for the ibmcloud cr retention-policy-set and ibmcloud cr retention-run commands to keep all untagged images and delete only tagged images. You can view the value of retain-untagged for each retention policy by running the ibmcloud cr retention-policy-list command.

For more information, see Cleaning up your namespaces.

30 April 2020

ibmcloud cr image-prune-untagged command is available

The ibmcloud cr image-prune-untagged command deletes all untagged images in your Container Registry account.

For more information, see ibmcloud cr image-prune-untagged and Clean up your namespaces by deleting untagged images.

16 April 2020

You can use private network connections to securely route your data in Container Registry

If you use cloud-based services for production workloads, you can use a secure private connection so that you can ensure that you adhere to any compliance regulations. You can use IBM Cloud service endpoints to connect to IBM Cloud services over the private IBM Cloud network.

For more information, see Securing your connection to Container Registry and IBM Cloud Container Registry architecture and workload.

ibmcloud cr private-only command is available

You can use the ibmcloud cr private-only command to prevent image pulls or pushes over public network connections for your account.

For more information, see ibmcloud cr private-only.

3 February 2020

Using Container Registry tokens is deprecated

The use of UAA and Container Registry tokens is deprecated. From 12 August 2020, UAA tokens are not accepted for authentication.

For more information, see Announcing End of IBM Cloud Container Registry Support for UAA Tokens.

31 January 2020

ibmcloud cr image-digests command is available

The ibmcloud cr image-digests command displays all images in your account, including untagged images.

For more information, see ibmcloud cr image-digests.

4 December 2019

Support for Red Hat signatures is available

Container Registry now supports Red Hat signatures.

For more information, see Signing images for trusted content by using Red Hat® signatures.

25 October 2019

IBM Log Analysis platform services logs are available
Container Registry generates platform services logs that are displayed in your logging instances.

14 October 2019

ibmcloud cr manifest-inspect command is available

The ibmcloud cr manifest-inspect command displays the contents of the manifest for an image.

For more information, see ibmcloud cr manifest-inspect.

23 September 2019

You can create retention policies for your images

Image retention policies retain the specified number of images for each repository within a namespace in Container Registry. All other images in the namespace are deleted.

The following commands are available for you to use to create retention policies so that you can manage your images:

For more information, see Retaining images.

You can restore deleted images from the trash

All deleted images are stored in the trash for 30 days.

The following commands are available for you to use to restore images:

For more information, see Listing images in the trash and Restoring images.

1 August 2019

ibmcloud cr retention-run command is available

The ibmcloud cr retention-run command cleans up your namespaces by retaining images for each repository within a namespace in Container Registry by applying specified criteria. All other images in the namespace are deleted.

For more information, see ibmcloud cr retention-run and Retaining images.

25 July 2019

IBM Cloud Activity Tracker available for Container Registry

Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.

For more information, see Auditing events for Container Registry.

1 July 2019

ibmcloud cr token-add command is no longer available
The ibmcloud cr token-add command is discontinued. You can't add registry tokens in either the CLI or the API anymore.

27 June 2019

Container Scanner is no longer available
The Container Scanner is discontinued. Vulnerability Advisor still scans images that are pushed to Container Registry.

13 June 2019

Remove tags from images

Remove a tag, or tags, from each specified image in Container Registry. To remove a specific tag from an image and leave the underlying image and any other tags in place, use the ibmcloud cr image-untag command. If you want to delete the underlying image, and all its tags, use the ibmcloud cr image-rm command instead.

For more information, see Removing tags from images in your private repository.

13 May 2019

End of support for Container Scanner
Container Scanner is now discontinued and is no longer usable.

2 April 2019

General Availability of Container Image Security Enforcement
Use Container Image Security Enforcement to verify your container images before you deploy them to your cluster in IBM Cloud Kubernetes Service. You can control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.

14 March 2019

IBM Cloud Activity Tracker available for Container Registry

Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.

For more information, see Auditing events for Container Registry.

25 February 2019

New domain names

Container Registry is adopting new domain names. The new domain names are available in the IBM Cloud console and the CLI. You can use the new icr.io domain names now. The existing registry.bluemix.net domain names are deprecated, but you can continue to use them until the end of support date. An end of support date is not available yet.

For more information, see Regions and Introducing New IBM Cloud Container Registry Domain Names.

Signatures apply to the whole image name, which includes the domain name. If you're using content trust, you must add new signatures so that you can use content trust under the new domain name.

For more information about signing images, see Signing images for trusted content.

Adding IAM API key policies to control access to resources

The new cluster image pull secrets for the icr.io domains are authorized by using an Cloud Identity and Access Management (IAM) API key. Therefore, if you want more control over access to your Container Registry resources, you can add IAM access policies. For example, you can change the API key policies in the cluster's pull secret so that images are pulled from a certain registry region or namespace only.

For more information, see Understanding how to authorize your cluster to pull images from a registry.

New region in ap-north

A new region is available in ap-north. You can use the new region by using the domain name jp.icr.io.

For more information, see Regions.

21 February 2019

Automating access to your namespaces

Using tokens to automate pushing and pulling Docker images to and from your namespaces is deprecated. You must now use API keys to automate access to your Container Registry namespaces so that you can push and pull images.

For more information, see Creating a user API key manually.

8 January 2019

End of support for Vulnerability Advisor API version 2
Vulnerability Advisor’s API version 2 is deprecated and is no longer usable. Use version 3 of the API, see Vulnerability Advisor for IBM Cloud Container Registry.

4 October 2018

Managing user access

Use IBM Cloud Identity and Access Management (IAM) to control access by users in your account to Container Registry. When IAM access policies are enabled for your account in Container Registry, every user that accesses the service in your account must be assigned an IAM access policyA method for granting users, service IDs, and access groups access to account resources. An access policy includes a subject, target, and role. with an IAM user role defined. That policy determines the role that the user has within the context of the service, and what actions the user can perform.

For more information, see Managing IAM access with Cloud Identity and Access Management, Defining IAM access policies, and Granting access to Container Registry resources tutorial.

7 August 2018

Exemption policies available in Vulnerability Advisor

If you want to manage the security of an IBM Cloud organization, you can use your policy setting to determine whether an issue is exempt or not. You can use Portieris to ensure that deployment is allowed only from images that contain no security issues after accounting for any issues that are exempted by your policy.

For more information, see Setting organizational exemption policies.

25 July 2018

IBM Cloud Activity Tracker available for Vulnerability Advisor

Use the IBM Cloud Activity Tracker service to track how users and applications interact with the Container Registry service in IBM Cloud.

For more information, see Auditing events for Container Registry.

12 July 2018

Vulnerability Advisor API version 3

Version 3 of the API changes the behavior of the API endpoints that are used to list exemptions. You must check that your use of the API does not rely on the behavior of version 2.

For more information, see Vulnerability Advisor for IBM Cloud Container Registry.

31 May 2018

Use Helm for Passport Advantage images
Import IBM software that is downloaded from IBM Passport Advantage Online for customers and packaged for use with Helm into your Container Registry namespace.

21 March 2018

Container Scanner
Container Scanner enables Vulnerability Advisor to report any problems that are found in running containers that are not present in the container's base image.

16 March 2018

Container Image Security Enforcement beta
Use Container Image Security Enforcement beta to verify your container images before you deploy them to your cluster in IBM Cloud Kubernetes Service. You can control where images are deployed from, enforce Vulnerability Advisor policies, and ensure that content trust is properly applied to the image.

20 February 2018

Trusted content

Container Registry provides trusted content technology so that you can sign images to ensure the integrity of images in your registry namespace. By pulling and pushing signed images, you can verify that your images were pushed by the correct party, such as your continuous integration (CI) tools.

For more information, see Signing images for trusted content.

6 November 2017

Global registry

A global registry is available. The global registry domain name doesn't include a region (icr.io). Only public images that are provided by IBM are hosted in this registry.

For more information, see Global registry.

29 September 2017

Build Docker images

The ibmcloud cr build command is now available for running container builds. You can build a Docker image directly in IBM Cloud or create your own Docker image on your local computer and upload (push) it to your namespace in Container Registry.

For more information, see Building Docker images to use them with your namespace.

24 August 2017

Graphical user interface released
The IBM Cloud Container Registry graphical user interface is available in the catalog, see Container Registry.

27 June 2017

Introducing IBM Cloud Container Registry

IBM Cloud Container Registry is available as a service in IBM Cloud. Container Registry provides a multi-tenant private image registry that you can use to store and share your container images with users in your IBM Cloud account.

For more information about how to use Container Registry, see Getting started with Container Registry.