Trade-fair · 12 months free
Your free year of OrbitalReg starts here.
OrbitalReg is the self-hosted artifact registry with a verify-on-pull gate that blocks vulnerable, unsigned, or unlicensed packages before they reach your developers or CI — across 40+ package formats, online or air-gapped.
Every pull is policy-checked. If it doesn't pass your rules, it doesn't leave the registry.
Other registries store artifacts. OrbitalReg stores artifacts and guards what gets out — declaratively, per-repo, with a full audit trail.
CVE policy
Block pulls on critical/high CVEs. Allow-list for exemptions with expiry dates.
Signature verify
CMS, OpenPGP, RSA, Sigstore. Unverified artifacts never leave the gate.
SBOM provenance
Reject artifacts without a valid SBOM. Trace transitive dependencies on every pull.
License rules
Deny copyleft or unknown licenses by repo. Tag what's compatible with your stack.
Self-hosted
Your hardware, your data, your terms — no SaaS lock-in.
40+ formats
Docker, Maven, npm, NuGet, PyPI, Helm, RubyGems and more — one registry.
Air-gapped ready
First-class offline mode for regulated and isolated environments.
Code redeemed — check your inbox.
Your 12-month license key is on its way, together with a sign-in link to your fresh OrbitalReg portal account. Both arrive in one email within a minute.
Didn't get anything? Check spam, or email info@orbitalreg.com.