Project Deep Dive: Artefact Mirror June 26, 2025 | 2 min Read

The Problem: Dependency on Public Registries

Modern applications rely on dozens of public container images and Helm charts. This creates a significant business risk: what happens if Docker Hub, Quay.io, or a public Helm repository goes down, starts rate-limiting your pulls, or an upstream tag is deleted or re-pointed at different content? Deployments fail, and you are at the mercy of a third party. Furthermore, enterprises often need to run in air-gapped environments or require security scans on all artifacts before they can be used.

My Solution: A Declarative Mirroring Engine

To solve this, I created artefact-mirror, an open-source project built entirely on GitHub Actions. It provides a simple, declarative way to pull, scan, and store all your critical third-party artifacts in your own private GitHub Container Registry (GHCR).

The key features include:

  • Declarative Configuration: Define all images and charts to be mirrored in simple, version-controlled YAML files.
  • Multi-Version & Multi-Platform: Easily mirror multiple versions of an artifact and multiple CPU architectures (e.g., amd64, arm64) for each image.
  • Automated & Parallel Execution: Uses a GitHub Actions matrix strategy to mirror artifacts in parallel for maximum speed and efficiency.
  • Integrated Security Scanning: Automatically scans every container image for CRITICAL and HIGH severity vulnerabilities with Trivy before it’s stored. A failed scan blocks the push, so nothing with a known CRITICAL or HIGH finding lands in the mirror. Note that a scan result reflects the vulnerability database at the time the image was mirrored, not a permanent clean bill of health.
  • Nested Helm Chart Storage: Organizes mirrored Helm charts into a clean, vendor-specific hierarchy within your private OCI registry.
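
The script below is an added example for this article, not code from the original post or from artefact-mirror itself. It shows the shape of the pipeline the features above describe: a declarative config expanded into one job per (image, version, platform) for a GitHub Actions matrix, a Trivy JSON report gated on CRITICAL/HIGH findings, and the nested vendor-specific OCI location for a mirrored chart. The config schema, the registry namespace ghcr.io/example-org, the charts/<vendor>/ layout, the optional per-tag digest pin, and the Trivy reports with placeholder CVE IDs are all constructed assumptions; only the Trivy JSON field names (Results, Target, Vulnerabilities, VulnerabilityID, Severity, PkgName) are Trivy's own.

```python
"""Added example for this article (not artefact-mirror's own code): expand a
declarative mirror config into a GitHub Actions job matrix, gate each image on
a Trivy JSON report, and compute the nested OCI location for a Helm chart.
The config schema, registry name and chart layout below are assumptions."""
import json
from itertools import product

# Constructed config standing in for the version-controlled YAML. Field names
# are assumed, not the project's schema. "digests" is optional: when present a
# tag is pulled by its immutable digest instead of the mutable tag.
MIRROR_CONFIG = {
    "registry": "ghcr.io/example-org",  # assumed private GHCR namespace
    "images": [
        {
            "source": "docker.io/library/nginx",
            "versions": ["1.27.0", "1.26.2"],
            "platforms": ["linux/amd64", "linux/arm64"],
        },
        {
            "source": "quay.io/prometheus/prometheus",
            "versions": ["v2.53.0"],
            "digests": {"v2.53.0": "sha256:" + "ab" * 32},  # placeholder digest
            "platforms": ["linux/amd64"],
        },
    ],
    "charts": [{"vendor": "bitnami", "name": "redis", "versions": ["19.6.0"]}],
}

FAIL_SEVERITIES = frozenset({"CRITICAL", "HIGH"})


def expand_matrix(config):
    """One job per (image, version, platform) so Actions can run them in parallel."""
    jobs = []
    for img in config["images"]:
        name = img["source"].rsplit("/", 1)[-1]
        digests = img.get("digests", {})
        for version, platform in product(img["versions"], img["platforms"]):
            digest = digests.get(version)
            # A digest reference is immutable; a tag can be re-pointed upstream.
            source = f"{img['source']}@{digest}" if digest else f"{img['source']}:{version}"
            jobs.append({
                "source": source,
                "target": f"{config['registry']}/{name}:{version}",
                "platform": platform,
                "pinned": digest is not None,
            })
    return jobs


def matrix_output(config):
    """JSON for a step output, consumed as
    strategy.matrix: ${{ fromJson(needs.plan.outputs.matrix) }}."""
    return json.dumps({"include": expand_matrix(config)}, separators=(",", ":"))


def trivy_gate(report, fail_on=FAIL_SEVERITIES):
    """Return (passed, findings) for a Trivy JSON report (`trivy image -f json`).
    Trivy's top-level "Results" entries carry a "Vulnerabilities" list, which
    is absent or null when a target is clean. Unfixed findings still count,
    matching a scan run without --ignore-unfixed."""
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") in fail_on:
                findings.append((result.get("Target"), vuln["VulnerabilityID"],
                                 vuln["Severity"], vuln.get("PkgName")))
    return not findings, findings


def chart_target(config, chart, version):
    """Nested, vendor-specific chart location (layout assumed):
    `helm push` to oci://<registry>/charts/<vendor> yields <name>:<version>."""
    return f"oci://{config['registry']}/charts/{chart['vendor']}/{chart['name']}:{version}"


# Constructed Trivy reports with placeholder IDs, not real findings.
DIRTY_REPORT = {"Results": [
    {"Target": "docker.io/library/nginx:1.26.2 (debian 12.5)",
     "Vulnerabilities": [
         {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
          "Severity": "HIGH", "FixedVersion": ""},
         {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libother",
          "Severity": "LOW"}]},
]}
CLEAN_REPORT = {"Results": [{"Target": "ghcr.io/example-org/nginx:1.27.0",
                             "Vulnerabilities": None}]}

if __name__ == "__main__":
    for job in expand_matrix(MIRROR_CONFIG):
        print(job)
    print(matrix_output(MIRROR_CONFIG))
    passed, findings = trivy_gate(DIRTY_REPORT)
    print("dirty image passed:", passed, findings)
    print("clean image passed:", trivy_gate(CLEAN_REPORT)[0])
    chart = MIRROR_CONFIG["charts"][0]
    print(chart_target(MIRROR_CONFIG, chart, chart["versions"][0]))
```

In a workflow this would split into two jobs: a "plan" job that runs `matrix_output` and exposes it as a job output, and a "mirror" job with `strategy.matrix: ${{ fromJson(needs.plan.outputs.matrix) }}` and `fail-fast: false`, so one image failing its scan does not cancel its siblings. The push step runs only when `trivy_gate` passes, so a failed gate means the image is never written to the registry. Pinning upstream tags by digest, as the prometheus entry does, is what makes a mirror reproducible: a bare tag can change content between two sync runs without any visible signal.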

The Value: A Resilient & Secure Supply Chain

This tool gives any organization full control over its software supply chain. It removes the deploy-time dependency on external registries (upstream is contacted only when the mirror syncs, so an outage there no longer blocks a rollout), ensures every artifact has passed a scan at the time it was mirrored, and provides a stable, internal source of truth for all container and Helm dependencies. Two habits keep that source of truth trustworthy: pin upstream images by digest rather than by mutable tag so a sync cannot silently pull different content, and re-scan what is already in the mirror on a schedule, since new vulnerabilities are published against images that were clean when they were copied.