
Self-hosted artifact registry · Established 2024

Your packages,
in your orbit.

Your hardware. Your data. Your terms. OrbitalReg is the self-hosted artifact registry for teams who need to own what they ship — 40+ formats, native CVE detection, signature-verified pulls, and first-class air-gap mode, all in one Go binary.


Trust signals

Five things your procurement team will ask about — answered.

Drop-in migration

Importers for every major registry.

Open-source roots

Postgres · MinIO · Sigstore · Helm.

SOC 2 Type II

Audit in progress.

ISO 27001

Controls mapped to product.

EU sovereignty

GDPR-compliant · hosted in Frankfurt.

Why now

Most enterprise tooling is drifting away from sovereignty.

The artifact-registry market followed the rest of the industry toward SaaS-first delivery, per-user pricing, and roadmaps shaped by analyst-friendly enterprises. That's the right path for some teams. For everyone else, the available choices have been getting steadily less attractive.

Modern package ecosystems — twenty-plus that didn't exist a decade ago — have outgrown the format-specific-repository designs of the previous generation of tools. Security features that should be always-on are gated behind separate licences. On-prem deployment becomes an upcharge instead of the default.

For regulated industries, defence, finance, public sector — and the long tail of operators who simply want to own what they run — OrbitalReg is what we'd build if we were starting now. Self-hosted by default. Customer sovereignty over the entire data path.

What you get

Everything an enterprise registry should be — in one binary.

01

40+ package formats

Maven, npm, PyPI, Docker, Helm, Cargo, RubyGems, NuGet, Conan, Nix, Argo Workflows, Deno, Homebrew, Ollama, Kustomize, OPA Bundles — and 25 more.

One unified API surface for all of them.

02

Native CVE detection

Trivy and Grype scan every artifact at upload and on demand. Results stay on your hardware — no upstream calls unless you opt in.

Sigstore signature verification + provenance checks integrated.

03

Verify-on-pull gates

Cryptographic signature verification before any artifact leaves the registry. CMS, OpenPGP, RSA, Sigstore — all supported. Pulls of unverified artifacts are blocked at the gate.

Customisable per-repo policies.

04

Air-gapped by default

Fresh installations block all outbound calls. Operators explicitly opt in to webhooks, telemetry, and external CVE feeds. The default is the safest setting.

Tested for true offline operation — no surprise phone-homes.

05

Build-info provenance

Every artifact carries its CI run, commit SHA, builder identity, and Sigstore signature. Trace any binary back to its source. Promote builds across environments with confidence.

GitHub Actions, GitLab CI, Jenkins — all wire up natively.

06

GitOps-native

Terraform provider, Kubernetes operator, and the orbital CLI ship out of the box. Helm chart with an air-gapped tarball variant. Your registry, declarative.

No microservice sprawl, no sidecars.

Security included

Every security feature.
Every tier. Always on.

Most artifact registries gate security behind separate licences, add-on products, or higher tiers. OrbitalReg ships every feature in every tier — including the €100 design-partner tier. Security is the product, not an upcharge.

Supply-chain integrity

  • + Sigstore signature verification at push and pull
  • + X.509, OpenPGP, CMS, RSA — every common signing scheme
  • + Trust-bundle management with key rotation
  • + Build-info provenance: CI run, commit SHA, builder identity
  • + Promotion gates that re-verify between environments

Runtime defense

  • + Trivy + Grype CVE scanning on every artifact
  • + Pull-gate policy engine — block by severity, CVE-ID, format, tag
  • + Auto-quarantine on new CVE disclosure
  • + Verify-on-pull policy enforcement, per-repo
  • + Human-readable "why blocked" responses for developers

Identity & access

  • + OIDC token exchange — GitLab CI, GitHub Actions, Kubernetes
  • + Scoped API tokens with format-agnostic, human-readable permissions
  • + Service accounts with role-based access
  • + SAML / SSO + SCIM user provisioning
  • + Project-scoped quotas + retention policies

Audit & sovereignty

  • + Structured JSON audit log — SIEM-ready out of the box
  • + Reverse-dependency lookup for security forensics
  • + Air-gapped mode is one config flip — no outbound calls, no heartbeat, no update check
  • + No usage telemetry, no per-user metering — outbound is the anonymous daily license heartbeat plus the opt-in update check; both off in air-gap mode
  • + ISO 27001 controls mapped, SOC 2 evidence engine built-in

Comparison without names

Security features
typically sold separately.

  • CVE-scanning engines — separate licence
  • Signature verification — plugin-only
  • Sigstore native integration — Enterprise tier
  • OIDC for CI — Enterprise tier
  • SAML / SSO — Enterprise tier
  • SIEM-grade audit log — feature flag
  • Air-gapped deployment — upcharge
  • Compliance attestations — paid add-on

All of the above ship in OrbitalReg from the €100 design-partner tier upward. Security is the product.

See it in action

From upload to verified pull, in real product UI.

Six surfaces a customer engineer touches in their first week.

Mission Control dashboard with KPIs and format adapters


Mission control, day one

Projects, repositories, open findings and active trust bundles at a glance — plus every format adapter the registry serves.

Our principles

Four commitments we hold ourselves to.

01

Self-hosted by default

We build software customers install, not software customers subscribe to. Deployable on your hardware, your cluster, your air-gapped network.

02

Sovereignty over your data

Self-hosted means your traffic stays yours. We do not meter, we do not gate features behind consent. Outbound is limited to a daily anonymous license-state heartbeat — install ID, version, license state, nothing about your users, repos, or artifacts. Disabled entirely in air-gap mode.

03

Predictable cost, forever

Per-deployment pricing — never per-user. A lifetime price cap on multi-year contracts. No renewal-time surprises, no audit-driven true-ups.

04

Engineering integrity

Every release passes human code review before shipping. We publish reproducible builds, SBOMs, and Sigstore signatures so what runs in your cluster is provably what we wrote. Breaking changes get disclosed early; we never silently deprecate.

How it fits

Sits between three things — and stays out of the way of the rest.

Between CI and developers

Build artifacts land here from GitHub Actions, GitLab CI, Jenkins, Tekton — with build-info envelopes intact. Developers pull them with the registry CLI of their choice, or via OrbitalReg's own orbital tool.

Between you and the public web

OrbitalReg can proxy upstream registries (npm, Maven Central, Docker Hub, PyPI) with a configurable cache horizon — or it can refuse to talk outbound at all. Your call.

Between security and ops

Detection runs continuously; security policies block pulls that violate them. Ops sees one service with a single Postgres and a single S3-compatible bucket. No microservice sprawl.

Pricing

Three honest paths.
One lifetime promise.

Per-deployment, not per-user. Per-licence, not per-environment. We do not limit environment scaling — most providers do. Predictable annual fee, capped for life if you commit long-term.

Design Partner · Limited cohort

€100/year

1 cluster licence · feedback in exchange for full access

  • 1 cluster licence, full-featured access
  • Shape the product roadmap
  • Optional graduation to Commercial after year 1

You commit to: regular feedback calls, use-case sharing, beta-testing new features, a public quote we can use after the trial.

Commercial · Year 1 entry

€10,000 in year 1

3 cluster licences · upgrade to Lifetime-locked for multi-year price guarantee

  • 3 cluster licences (dev, main, prod)
  • Scale up your clusters — unlimited. Add clusters, regions, replicas — no per-instance fees, ever
  • Email support during business hours
  • All security features always-on, no upcharge

Long-term Partner · Lifetime price lock

Lifetime-locked

Multi-year contract · sized to your company · the price you sign for never rises

  • Lifetime price guarantee — the price never rises, ever
  • Sized to your company — fair pricing, no enterprise list-price markup
  • Multi-year contract (3 years), price locked for the entire term
  • 3 cluster licences (dev, main, prod) · scale each unlimited
  • Roadmap influence; 24/7 support available as an optional add-on

Lifetime promise

What you will never pay for.

  • Per-user fees
  • Per-environment scaling charges
  • Per-replica or per-cluster surcharges
  • Security-feature unlocks
  • Mandatory upgrade fees
  • Renewal-time price hikes

Self-hosted means we cannot see your usage. We bill what we agree on, year after year. No metering, no surprise audit clauses, no "true-up" invoices.

Prices in EUR. Multi-year pricing requires a 3-year commitment to lock the cap; renewal at the same cap is at your option, never ours.

Invite-only access

We're onboarding our first cohort of customers now.

Saw something in the walkthrough that fits? Tell us what you're building, what you're running today, and where a self-hosted registry would help — we'll take it from there.