Nexus Repository Helps Developers Overcome New Docker Hub Rate Limits

Development teams building applications use Nexus Repository (Nexus) to store and manage all of their components, build artifacts, and containers. It provides an efficient way to locally cache myriad types of software packages, and enables users to proxy public registries such as Maven Central, npm, and Docker Hub to reduce duplicate downloads and improve speeds to developers and CI servers. 

Recently, Docker announced that it will rate limit pulls of the images it hosts on Docker Hub. As of November 1, 2020, free plan anonymous users will be limited to 100 pulls per six hours (based on individual IP address) and free plan authenticated users will be limited to 200 pulls per six hours (based on account, no IP address). 

How Docker Hub Rate Limits Impact Developers 

The Docker community has 6.7 million registered developers and over 15 petabytes of container images stored on Docker Hub. Knowing ~30% of this massive Docker Hub footprint is free user inactive images, which incur storage charges on a monthly basis, Docker finally decided it needed to focus on its business to stay afloat, and changed the pricing model to consumption-based subscriptions. While the right decision for Docker, these new rate limits will result in problems for millions of developers and software supply chains that run builds using public images on Docker Hub. 

Problem One: Throttling Errors

Non-paying (anonymous or authenticated) Docker Hub users will hit the 100 / 200 per six hour rate limits rather quickly when building from a parent image or pulling a public image to run. This will introduce throttling errors to your applications and CI/CD tools.

Problem Two: Unavailable Images

Docker has stated a policy for free account plans which will delete any image that has been inactive for over six months. This (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Brent Kostak. Read the original post at: