Container registries, in particular those in Docker containers, are what make containers such a strong platform. With registries, you can create a central repository of images that are easily and quickly downloadable. Nevertheless, in all their glory, they do come with a lot of security risks if you do not utilize a trusted registry that you’ve conducted thorough research on, such as Docker Trusted Registry. With the Docker registry, you install it behind the firewall already implemented in your IT infrastructure to alleviate the risks internet poses, but even then, you should still deny users to upload or download from the registry.
While it can be very tempting to avoid all this work and give open access, this little inconvenience could prevent a large breach in the registry. A helpful tactic to resolve this temptation it to implement role-based access control, giving you the ability to control exactly who can access what, in terms of the registries.