The Question Every Tech Leader Should Ask

What happens when Docker Hub is down and you need to deploy a critical fix to production?

For too many organizations, the answer is “we wait.” A dependency on public, third-party registries is a massive, often unacknowledged, risk in the modern software supply chain. It introduces a single point of failure that is completely outside of your control.

Today, I’m excited to launch an open-source project to solve this problem: Artefact Mirror.

What is Artefact Mirror?

Artefact Mirror is a simple yet powerful system, built on GitHub Actions, that allows you to create a resilient, private mirror of all your essential public container images and Helm charts. By defining a simple list of artifacts in a YAML file, the system automatically pulls them, scans them for vulnerabilities, and pushes them to your private GitHub Container Registry on a schedule.

It’s a “set it and forget it” solution for taking back control of your dependencies.

Key Features

The project was designed with professional DevOps practices in mind:

• Fully Declarative: You manage a simple YAML file. The workflow handles the rest. Adding a new version to mirror is a one-line change.
• Multi-Platform Ready: Need to support both amd64 and arm64 for your images? Simply list the platforms, and the workflow creates a multi-arch manifest for you.
• Security-First: Every image is automatically scanned with Trivy for CRITICAL and HIGH severity vulnerabilities before being stored, ensuring a basic level of security vetting for your artifacts.
• Efficient & Parallel: The system uses a GitHub Actions matrix strategy to mirror dozens of artifacts in parallel, making it incredibly fast.

Here is an example of how easy it is to configure:

# configs/images.yaml
images:
  - name: 'hashicorp/vault'
    versions: ['1.19.0', '1.19.5']
    source_registry: 'docker.io'
    platforms: ['linux/amd64', 'linux/arm64']