Formats/Docker

Modernize Your Docker Container Infrastructure with Cloudsmith

Managing a private Docker registry on-premises is costly and time-consuming. It makes integration with teams and build processes in multiple locations complex, and imposes huge performance compromises on distributed teams. Switch to Cloudsmith for a secure, cloud native Docker registry built for global teams. Eliminate on-prem overhead and scale container delivery with confidence.

Docker on Cloudsmith

Simplify and streamline operations. Cloudsmith is a secure, cloud-native store for all your container images and software artifacts.

  • Use Docker + 30 other formats in one platform
  • Manage OCI-compliant container images alongside language packages and raw files
  • Centralize your entire software supply chain with zero infrastructure overhead

How we support Docker

Cloudsmith gives you a fully managed, OCI-compliant Docker registry with built-in security, global delivery, and the controls enterprise teams need. No servers to run, no infrastructure to patch.
    Feature-complete Docker registry
    Push, pull, tag, inspect, and manage container images using your existing Docker CLI and tooling with no plugins or reconfiguration. Supports OCI image formats, multi-architecture manifests, and Docker v2 schema.
    Global delivery at scale
    Container images are distributed via Cloudsmith's CDN-backed infrastructure with 600+ edge points of presence, giving distributed teams fast pulls wherever they are.
    Integrated vulnerability scanning
    Every image is automatically scanned for CVEs and malware on upload. Enforce policies based on CVSS severity or EPSS scores to block or quarantine non-compliant images before they reach your teams.
    Granular access and governance
    Control access to public and private registries with RBAC, scoped entitlement tokens, and IP allow-listing. Integrates with SAML SSO providers including Okta, Azure AD, and Ping Identity, with a full audit trail.
    Multi-format in one place
    Store Docker images alongside NPM, Maven, PyPI, Helm, and 25+ other formats in a single platform. One access model, one audit log, one bill - no fragmented tooling.

Why teams choose Cloudsmith for Docker

Self-hosted and single-cloud registries trade short-term control for long-term operational burden. Cloudsmith removes that burden entirely.
Without CloudsmithSelf-hosted registries consume engineering time on storage management, NGINX TLS config, SSL certificates, and capacity planning. Every large image push risks hitting proxy size limits or timeout errors.
With CloudsmithCloudsmith manages all infrastructure. There is no hardware to provision, no reverse proxy to configure, and no storage limits to plan around. Push large images without timeout workarounds.
Without CloudsmithDistributed teams pulling images from a single-region registry suffer slow pull times, flaky builds, and degraded CI pipelines. Docker Hub rate limits compound the problem for open-source base images.
With CloudsmithCloudsmith's CDN-backed edge network serves images from 600+ global points of presence. Teams in every region get fast, consistent pull speeds, and upstream proxying eliminates Hub rate-limit disruption.
Without CloudsmithVulnerability scanning is bolted on after the fact, security policies live in separate tooling, and there is no unified audit trail linking image access to identities and pipelines.
With CloudsmithEvery image is scanned automatically on upload. OPA Rego policies enforce CVE thresholds across all repositories, and a single audit log ties every push, pull, and policy action to a named identity.

Signs you're ready to switch to Cloudsmith for Docker

If your current registry is costing your team time, slowing builds, or leaving security gaps, Cloudsmith gives you a direct upgrade path with zero infrastructure carry-over.
    Infrastructure overhead is eating sprint capacity
    If your team is managing disk space, patching registry containers, or debugging NGINX proxy config instead of shipping software, you are paying operational costs that a managed registry eliminates entirely.
    Slow image pulls are hurting build times
    A single-region registry penalises every remote team and CI runner with high latency pulls. If slow Docker pulls are on your retrospective list, Cloudsmith's global edge network fixes it without topology changes.
    Security scanning is manual or missing
    Registries without automated CVE scanning leave you discovering vulnerabilities in production. Cloudsmith scans every image on upload and enforces configurable policies before images reach any environment.
    Docker lives in a silo from the rest of your artifacts
    When your container registry is separate from your package repositories, you get duplicated access controls, split audit trails, and fragmented tooling. Cloudsmith centralises all formats under one roof.
    OCI standard upgrades keep breaking things
    Container signing, referrers, and OCI image indexes evolve continuously. Self-hosted registries require constant patching to stay compliant. Cloudsmith tracks OCI standards and updates the platform for you.

Get started with Docker on Cloudsmith

Frequently asked questions

  1. Yes. Cloudsmith implements the Docker v2 and OCI Distribution API specifications, so you can use the standard docker push, docker pull, docker tag, and docker inspect commands with no additional plugins or wrappers.

  2. Yes. Cloudsmith supports OCI-standard image layouts, multi-architecture manifests (manifest lists), and Docker v2 schema images. As OCI standards evolve, Cloudsmith updates the platform so you never need to patch your registry infrastructure.

  3. Every image uploaded to Cloudsmith is automatically scanned for CVEs and malware. You can configure policies using OPA Rego to block, quarantine, or flag images based on CVSS severity thresholds or EPSS scores, preventing non-compliant images from reaching downstream environments.

  4. Yes. Cloudsmith's upstream proxying lets you route pulls from Docker Hub, GitHub Container Registry, and other public registries through your Cloudsmith repository. This eliminates Docker Hub rate-limit disruption and speeds up builds by caching layers close to your runners.

  5. Cloudsmith supports API token authentication, scoped entitlement tokens, and OIDC-based identity federation for CI/CD pipelines. For enterprise teams, SAML SSO integration with Okta, Azure AD, Ping Identity, and other providers gives your existing identity stack full control.

  6. Yes. Cloudsmith supports 30+ artifact formats in a single platform. You can store Docker images, Helm charts, NPM packages, PyPI wheels, and raw files under one access model, one audit log, and one bill, removing the need for separate registry tooling.

  7. Cloudsmith's CDN-backed delivery network spans 600+ edge points of presence. Images are served from the closest available node, giving remote teams and CI runners fast, consistent pull times regardless of where they are located.

  8. You can re-tag and push images using standard Docker CLI commands. Cloudsmith's documentation covers migration steps in detail, and our team can provide guidance on bulk migration strategies for large registries.

  9. Yes. You can configure retention rules to automatically remove old or unused image tags based on age, count, or custom criteria. This keeps your registry clean and prevents unbounded storage growth without manual housekeeping.

  10. Every push, pull, delete, policy action, and configuration change is recorded in Cloudsmith's audit log, tied to a named user or token identity. Logs are exportable for compliance reporting or ingestion into third-party SIEM and observability tooling.

Formats

There’s more than just Docker on Cloudsmith