Image data

Image data is stored in IBM Cloud Object Storage, which is encrypted at rest, and encrypted in transit between IBM Cloud Container Registry and IBM Cloud Object Storage. For more information about IBM Cloud Object Storage, see About IBM Cloud Object Storage.

Data that is stored in IBM Cloud Container Registry is backed up regularly. For more information, see High availability and disaster recovery.

Scanning data

To scan images and containers in your account for security issues, IBM Cloud Container Registry collects, stores, and processes the following information:

• Free-form fields, including IDs, descriptions, and image names (registry, namespace, repository name, and image tag)
• Metadata about the file modes and creation timestamps of the configuration files
• The content of system and application configuration files in images and containers
• Installed packages and libraries (including their versions)

Scan results, aggregated at a data center level, are processed to produce anonymized metrics to operate and improve the service. Scan results are deleted 30 days after they are generated. For more information, see Data protection.

Do not put personal information into any field or location that IBM Cloud Container Registry processes, as identified in the preceding list.

Deleting the service

When an IBM Cloud account is canceled or removed, the resource instances that track the account's usage of IBM Cloud Container Registry are deleted. As part of that action all namespaces, and the images that they contain, are removed in accordance with the data retention policy.

The IBM Cloud Container Registry data retention policy describes how long your data is stored after you delete the service. The data retention policy is included in the IBM Cloud Container Registry service description, which you can find in the Service Description for IBM Cloud in the IBM Cloud Terms and Notices.

Deleting namespaces

If you no longer require a registry namespace, you can remove the namespace from your IBM Cloud account. Deleting a namespace removes all images, trash, and trust information that is contained in the namespace. For more information, see Removing namespaces.

Deleting images

You can delete unwanted images from your private repository by using either the IBM Cloud console or the CLI. For more information, see Deleting images from your private repository.

You can clean up your namespace by choosing to retain only the most recent images in each repository in that namespace in IBM Cloud Container Registry. You can detect and delete old images from all the repositories in a namespace by running a one-off command ibmcloud cr retention-run, or by setting a scheduled policy by running the ibmcloud cr retention-policy-set command. For more information, see Cleaning up your namespaces.

Deleting private repositories

You can delete private repositories that are no longer required, and any associated images, by using the IBM Cloud console. For more information, see Deleting a private repository and any associated images.