GRC Store

Search / finos-ccc/ccc.cntrreg.cp / v2026.06-rc5

Release · v2026.06-rc5

FINOS-CCC/CCC.CntrReg.CP Capability Catalog

FINOS-CCC/CCC.CntrReg.CP

Capabilities for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$grcli unpack --repository finos-ccc/ccc.cntrreg.cp --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.cntrreg.cp:v2026.06-rc5
Manifest digest
sha256:374fad8cd16e25049ee1fe1c27e7cbd906d6c0a8d25121437bfe118102c910e5

Provenance

1 layer
Digest Media type Size
6a577ee2526d… application/vnd.gemara.artifact.v1+yaml 6.9 KiB
Bundle config blob 
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.CntrReg.CP",
            "type": "CapabilityCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.cntrreg.cp",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/container-registry/capabilities.yaml",
            "uri": "file://artifacts/devtools/container-registry/capabilities.yaml",
            "digest": {
              "sha256": "6a577ee2526d658afb6a5c16cd777d78dfe3166d3031854fe49ca47e0ae9edfc"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:47:49.536605092Z",
          "finishedOn": "2026-06-01T17:47:49.648298784Z"
        },
        "byproducts": [
          {
            "name": "capabilities.yaml",
            "digest": {
              "sha256": "6a577ee2526d658afb6a5c16cd777d78dfe3166d3031854fe49ca47e0ae9edfc"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "capabilities.yaml",
      "type": "CapabilityCatalog",
      "id": "CCC.CntrReg.CP",
      "role": "artifact"
    }
  ]
}

CCC Container Registry Capabilities

Capabilities for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.CntrReg.CP
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

  1. CCC.CntrReg.CP01 Image Storage

    Ability to upload and securely store container images and image metadata.

  2. CCC.CntrReg.CP04 Lifecycle Policies

    Supports defining of policies for automatic expiry of unused or outdated images to manage storage effectively.

  3. CCC.CntrReg.CP07 Caching of Images

    Provides caching for faster access to frequently used images.

  4. CCC.CntrReg.CP08 Multi-platform Support

    Ability to store images built for different CPU architectures such as x86_64 (AMD/Intel), ARM64, and others within the same container image repository.

  5. CCC.CntrReg.CP09 Immutable Tags

    Prevent tags from being overwritten or deleted once they have been assigned to an image. This ensures that once a container image is tagged with a specific version or identifier, that tag remains associated with the same image throughout its lifetime.

  6. CCC.CntrReg.CP10 List Repositories

    Ability to list all public and private repositories in the container image registry.

  7. CCC.CntrReg.CP11 Edit Repository

    Ability to edit a public or private container image repository properties after being created.

  8. CCC.CntrReg.CP12 Delete Repository

    Ability to delete a public or private container image repository after being created.

  9. CCC.CntrReg.CP13 List Images

    Ability to list container images in a public or private container image repository.

  10. CCC.CntrReg.CP14 Delete Image

    Ability to delete a container image after being created.

  11. CCC.CntrReg.CP15 List Lifecycle Policies

    Ability to list lifecycle policies for container images in a public or private container repository.

  12. CCC.CntrReg.CP16 Edit Lifecycle Policy

    Ability to edit a lifecycle policy after being created.

  13. CCC.CntrReg.CP17 Delete Lifecycle Policy

    Ability to delete a lifecycle policy after being created.

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.CntrReg.CP02 Private Repositories

    Support for creating container image repositories that are restricted and only accessible by authorized users or services.

  2. CCC.CntrReg.CP03 Public Repositories

    Support for creating container image repositories that are open to the public. These repositories are used mainly for sharing container images.

Observability

The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.

  1. CCC.CntrReg.CP05 Image Scanning

    Provides vulnerability scanning for container images (built-in or through integration to scanning services) to detect security issues and generate reports for known CVEs (Common Vulnerabilities and Exposures).

Orchestration

The Orchestration group covers entries related to coordinating and managing workloads across distributed systems. This includes container orchestration, job scheduling, CI/CD pipelines, build automation, and service mesh management.

  1. CCC.CntrReg.CP06 Integration with CI/CD Tooling

    Seamlessly integrates with CI/CD pipelines to automate pushing and pulling of container images.