GitLab Local Registry
Introduction
GitLab Local Registry is the fourth pillar of creation and is responsible for securely publishing validated artifacts, such as container images and packages, to the GitLab registry. It ensures that only artifacts that have passed all previous stages—code analysis, artifact build, and artifact analysis—are stored and made available for deployment or distribution.
Purpose
The GitLab Local Registry Pillar aims to:
- Securely Store Artifacts: Ensures that only validated and compliant artifacts are stored in the registry.
- Facilitate Deployment: Makes artifacts readily available for deployment to various environments.
- Maintain Traceability: Keeps track of artifact versions and their associated metadata.
- Archive Compliance Data: Stores SBOMs and BoE for auditing and compliance purposes.
Workflow Overview
Once all of the previous applicable pipeline stages have succeeded, the publish stage will publish to the GitLab package registry. Each artifact type goes to the destination listed below:
- Body of Evidence (BoE) -> GitLab Artifacts
- Container Image Publish -> GitLab Container Registry
- NPM Packages -> GitLab Package Registry
- Package (Common Packages)
- Software Bill of Materials (SBOM) -> GitLab Artifacts
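
The routing above written as a `.gitlab-ci.yml`, added here as an illustration and not taken from this project's pipeline. Job names, the file names `image.tar`, `sbom.cdx.json` and `boe/`, and the image tags are assumptions; the `CI_*` variables are GitLab's predefined ones.

```yaml
# Added illustration, not the project's pipeline. Job names, file names and
# image tags are assumptions.
stages:                 # stages run in order; publish is last
  - code-analysis
  - artifact-build
  - artifact-analysis
  - publish

# Assumed: earlier jobs (not shown) leave image.tar, sbom.cdx.json and boe/
# as job artifacts, which publish-stage jobs download by default.

.publish:
  stage: publish
  when: on_success      # default: run only if all earlier stages succeeded

publish-container:      # Container Image Publish -> GitLab Container Registry
  extends: .publish
  image: docker:24
  services:
    - docker:24-dind
  script:
    # Assumed: image.tar was saved already tagged $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
    - docker load -i image.tar
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA"

publish-npm:            # NPM Packages -> GitLab Package Registry
  extends: .publish
  image: node:20
  script:
    # Assumed: package.json name is scoped as @<root namespace>/<name>
    - echo "@${CI_PROJECT_ROOT_NAMESPACE}:registry=https://${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/" > .npmrc
    - echo "//${CI_SERVER_HOST}/api/v4/projects/${CI_PROJECT_ID}/packages/npm/:_authToken=${CI_JOB_TOKEN}" >> .npmrc
    - npm publish

archive-evidence:       # SBOM and BoE -> GitLab Artifacts
  extends: .publish
  script:
    - test -s sbom.cdx.json && test -d boe   # fail if evidence is missing
  artifacts:
    paths:
      - sbom.cdx.json
      - boe/
    expire_in: never    # keep for audit
```

Stage ordering only blocks the publish stage when an earlier job actually fails; an analysis job marked `allow_failure: true` will not stop these jobs from running.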