
Free 0-CVE Images


Poor Man Registry

A poor man's registry that redirects to Chainguard's container registry.

License: MIT



  • The public, free tier of Chainguard Images only serves the `latest` tag. This can be inconvenient, so we built this proxy to continuously watch the Chainguard registry for digest changes and extract the package version from the SBOM. We then tag the image according to the packaged software version and serve it via this proxy.


go run main.go server --config=config.yaml

How it works

sequenceDiagram
    actor U as User
    participant RR as Proxy
    participant DB as Local Digest Database
    participant CG as Chainguard Images
    U->>+RR: Pull command `nginx:1.0.0`
    RR->>+DB: Check if digest existed for `nginx:1.0.0`
    DB-->>-RR: Found digest for `nginx:1.0.0`
    RR-->>-U: Return digest if found

    loop Every x Minutes
        RR->>CG: Periodically checking `latest` tag for digest change
        RR->>DB: Save digest for this tag to local db
    end

    RR->>CG: Proxied every other APIs
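
The polling and lookup steps in the diagram, as an added Go example that is not the project's own code: `DigestDB`, `Observe` and `Resolve` are hypothetical names, the map stands in for the local digest database (unlocked, so a concurrent poller and handler would need a mutex around it), and the digest is a constructed value. Only well-formed sha256 digests are stored, so a malformed upstream value never ends up in a path the proxy redirects to.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Only well-formed sha256 digests may be stored or passed through.
var digestRe = regexp.MustCompile(`^sha256:[a-f0-9]{64}$`)

// DigestDB is a hypothetical in-memory stand-in for the local digest database, keyed by "repo:tag".
type DigestDB map[string]string

// Observe records one poll: the digest behind `latest` and the version read
// from its SBOM. It reports whether the digest changed since the last poll.
func (db DigestDB) Observe(repo, digest, version string) (bool, error) {
	if !digestRe.MatchString(digest) {
		return false, fmt.Errorf("malformed digest %q", digest)
	}
	if db[repo+":latest"] == digest {
		return false, nil
	}
	db[repo+":latest"], db[repo+":"+version] = digest, digest
	return true, nil
}

// Resolve rewrites a manifest request for a version tag into a digest-pinned
// path; every other request is returned unchanged, to be proxied as-is.
func (db DigestDB) Resolve(path string) (string, bool) {
	const pre, mid = "/v2/", "/manifests/"
	i := strings.LastIndex(path, mid)
	if !strings.HasPrefix(path, pre) || i < len(pre) {
		return path, true
	}
	repo, ref := path[len(pre):i], path[i+len(mid):]
	if ref == "latest" || digestRe.MatchString(ref) {
		return path, true
	}
	if d, ok := db[repo+":"+ref]; ok {
		return pre + repo + mid + d, true
	}
	return "", false // unknown version tag: the caller answers 404
}

func main() {
	db := DigestDB{}
	db.Observe("nginx", "sha256:"+strings.Repeat("a", 64), "1.0.0") // constructed digest
	fmt.Println(db.Resolve("/v2/nginx/manifests/1.0.0"))
}
```
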