Red Hat declares Quay code open

Red Hat declares Quay code open

Red Hat has open sourced the code behind Project Quay, the six year old container registry it inherited through its purchase of CoreOS.

The code in question powers both Red Hat Quay and Quay.IO, and also includes the Clair open source security project which was developed by the Quay team, and integrated with the registry back in 2015.

In the blog post announcing the move, Red Hat principal software engineer – and CoreOS alumnus – Joey Schorr, wrote, “We believe together the projects will benefit the cloud-native community to lower the barrier to innovation around containers, helping to make containers more secure and accessible.”

The move “represents the open sourcing of the Quay application’s code base, including the necessary tooling to build, deploy and run a completely open source Quay distribution.”

When it comes to Clair, Schorr said the two projects “have always been closely aligned”. Clair enables the container security scanning feature in Red Hat Quay, which helps users identify known vulnerabilities in their container registries. 

“Clair was created in the open source community in an effort to improve security through open work amongst vendors and users alike.” he continued. “With increased security needs in mind, Clair is also directly built into Project Quay.”

The most recent version of Quay is 3.1, which hit last month. New features in that release included repository mirroring, and read-only repositories, as well as automated setup, and support for RHOCs3/NooBaa. The 3.0 release in May was the first major release by Red Hat following its purchase of CoreOS, and extended support for “IBM Power LE and Z, ARM-based IoT devices and Windows-based workloads”.

You can access the whole shebang right here.