diff --git a/content/manuals/docker-hub/_index.md b/content/manuals/docker-hub/_index.md index 71f8c076729d..4d0df196c2fa 100644 --- a/content/manuals/docker-hub/_index.md +++ b/content/manuals/docker-hub/_index.md @@ -20,6 +20,10 @@ grid: or the Docker community. icon: inbox link: /docker-hub/repos +- title: Settings + description: Learn about settings in Docker Hub. + icon: settings + link: /docker-hub/settings - title: Organizations description: Learn about organization administration. icon: store diff --git a/content/manuals/docker-hub/release-notes.md b/content/manuals/docker-hub/release-notes.md index 1e2f34f24560..f72c0b7fc1ec 100644 --- a/content/manuals/docker-hub/release-notes.md +++ b/content/manuals/docker-hub/release-notes.md @@ -13,6 +13,14 @@ tags: [Release notes] Here you can learn about the latest changes, new features, bug fixes, and known issues for each Docker Hub release. +## 2026-02-05 + +### New + +- Administrators can now prevent creating public repositories within + organization namespaces using the [Disable public + repositories](./settings.md#configure-disable-public-repositories) setting. + ## 2025-02-18 ### New diff --git a/content/manuals/docker-hub/repos/_index.md b/content/manuals/docker-hub/repos/_index.md index 7554387ac2f5..6e964577c110 100644 --- a/content/manuals/docker-hub/repos/_index.md +++ b/content/manuals/docker-hub/repos/_index.md @@ -53,7 +53,4 @@ In this section, learn how to: accessing analytics, and enabling vulnerability scanning. - [Archive](./archive.md) an outdated or unsupported repository. -- [Delete](./delete.md) a repository. -- [Manage personal settings](./settings.md): For your account, you can set personal - settings for repositories, including default repository privacy and autobuild - notifications. +- [Delete](./delete.md) a repository. \ No newline at end of file 
diff --git a/content/manuals/docker-hub/repos/settings.md b/content/manuals/docker-hub/repos/settings.md deleted file mode 100644 index 3b0f917d1eb3..000000000000 --- a/content/manuals/docker-hub/repos/settings.md +++ /dev/null 
@@ -1,52 +0,0 @@ ---- -description: Learn about personal repository settings in Docker Hub -keywords: Docker Hub, Hub, repositories, settings -title: Personal settings for repositories -linkTitle: Personal settings -toc_max: 3 -weight: 50 ---- - -For your account, you can set personal settings for repositories, including -default repository privacy and autobuild notifications. - -## Default repository privacy - -When creating a new repository in Docker Hub, you are able to specify the -repository visibility. You can also change the visibility at any time in Docker Hub. - -The default setting is useful if you use the `docker push` command to push to a -repository that doesn't exist yet. In this case, Docker Hub automatically -creates the repository with your default repository privacy. - -### Configure default repository privacy - -1. Sign in to [Docker Hub](https://hub.docker.com). -2. Select **My Hub** > **Settings** > **Default privacy**. -3. Select the **Default privacy** for any new repository created. - - - **Public**: All new repositories appear in Docker Hub search results and can be - pulled by everyone. - - **Private**: All new repositories don't appear in Docker Hub search results - and are only accessible to you and collaborators. In addition, if the - repository is created in an organization's namespace, then the repository - is accessible to those with applicable roles or permissions. - -4. Select **Save**. - -## Autobuild notifications - -You can send notifications to your email for all your repositories using -autobuilds. - -### Configure autobuild notifications - -1. Sign in to [Docker Hub](https://hub.docker.com). -2. Select **My Hub** > **Repositories** > **Settings** > **Notifications**. -3. Select the notifications to receive by email. - - - **Off**: No notifications. - - **Only failures**: Only notifications about failed builds. - - **Everything**: Notifications for successful and failed builds. - -4. Select **Save**. 
diff --git a/content/manuals/docker-hub/settings.md b/content/manuals/docker-hub/settings.md new file mode 100644 index 000000000000..cf191b9d0c72 --- /dev/null +++ b/content/manuals/docker-hub/settings.md 
@@ -0,0 +1,90 @@ +--- +description: Learn about settings in Docker Hub +keywords: Docker Hub, Hub, repositories, settings +title: Settings +weight: 25 +--- + +You can configure the following settings in Docker Hub: + +- [Default privacy](#default-privacy): Settings for all repositories within each + namespace +- [Notifications](#notifications): Personal settings for autobuild notifications + +## Default privacy + +You can configure the following default privacy settings for all repositories in +a namespace: + +- [Configure disable public repositories](#configure-disable-public-repositories): Prevent + organization users from creating public repositories (organization namespaces + only) +- [Configure default repository privacy](#configure-default-repository-privacy): + Set the default repository privacy for new repositories + + +### Configure disable public repositories + +{{< summary-bar feature_name="Disable public repositories" >}} + +Organization owners and editors can prevent creating public repositories within +organization namespaces. You cannot configure this setting for personal account +namespaces. + +To configure the disable public repositories setting for an organization +namespace: + +1. Sign in to [Docker Hub](https://hub.docker.com). +2. Select **My Hub**. +3. Select your organization from the top-left account drop-down. +4. Select **Settings** > **Default privacy**. +5. Toggle **Disable public repositories** to your desired setting. +6. Select **Save**. + +### Configure default repository privacy + +The default repository privacy setting is useful if you or others in your +organization use the `docker push` command to push to a repository that doesn't +exist yet. In this case, Docker Hub automatically creates the repository with +the default repository privacy for that namespace. + +> [!NOTE] +> +> You cannot configure the default repository privacy setting when **Disable +> public repositories** is enabled. 
+ +To configure the default repository privacy for a namespace: + +1. Sign in to [Docker Hub](https://hub.docker.com). +2. Select **My Hub**. +3. Select your organization or account from the top-left account drop-down. +4. Select **Settings** > **Default privacy**. +5. In **Default repository privacy**, select the desired default privacy setting: + + - **Public**: All new repositories appear in Docker Hub search results and can be + pulled by everyone. + - **Private**: All new repositories don't appear in Docker Hub search results + and are only accessible to you and collaborators. In addition, if the + repository is created in an organization's namespace, then the repository + is accessible to those with applicable roles or permissions. + +6. Select **Save**. + +## Notifications + +You can send notifications to your email for all your repositories using +autobuilds. + +### Configure autobuild notifications + +1. Sign in to [Docker Hub](https://hub.docker.com). +2. Select **My Hub**. +3. Select your personal account from the top-left account drop-down. +4. Select **Settings** > **Notifications**. +5. Select the notifications to receive by email: + + - **Off**: No notifications. + - **Only failures**: Only notifications about failed builds. + - **Everything**: Notifications for successful and failed builds. + +6. Select **Save**. \ No newline at end of file diff --git a/content/manuals/enterprise/security/hardened-desktop/_index.md b/content/manuals/enterprise/security/hardened-desktop/_index.md index 44bba2cac39f..fb3123632bdd 100644 --- a/content/manuals/enterprise/security/hardened-desktop/_index.md +++ b/content/manuals/enterprise/security/hardened-desktop/_index.md 
@@ -28,6 +28,10 @@ grid: description: Restrict containers from accessing unwanted network resources. icon: "vpn_lock" link: /enterprise/security/hardened-desktop/air-gapped-containers/ + - title: "Namespace access" + description: Control whether organization members can push content to their personal namespaces. + icon: "folder_managed" + link: /enterprise/security/hardened-desktop/namespace-access/ weight: 60 --- @@ -52,6 +56,7 @@ Hardened Docker Desktop features work independently and together to create a def - Registry Access Management and Image Access Management prevent access to unauthorized container registries and image types, reducing exposure to malicious payloads - Enhanced Container Isolation runs containers without root privileges inside a Linux user namespace, limiting the impact of malicious containers - Air-gapped containers let you configure network restrictions for containers, preventing malicious containers from accessing your organization's internal network resources +- Namespace access controls whether organization members can push content to their personal Docker Hub namespaces, preventing accidental publication of images outside approved locations - Settings Management locks down Docker Desktop configurations to enforce company policies and prevent developers from introducing insecure settings, whether intentionally or accidentally ## Next steps diff --git a/content/manuals/enterprise/security/hardened-desktop/namespace-access.md b/content/manuals/enterprise/security/hardened-desktop/namespace-access.md new file mode 100644 index 000000000000..d533dd1b117c --- /dev/null +++ b/content/manuals/enterprise/security/hardened-desktop/namespace-access.md 
@@ -0,0 +1,53 @@ +--- +title: Namespace access control +linkTitle: Namespace access +description: Control whether organization members can push content to their personal namespaces on Docker Hub +keywords: namespace access, docker hub, personal namespace, organization security, docker business +tags: [admin] +weight: 50 +--- + +{{< summary-bar feature_name="Namespace access" >}} + +Namespace access control lets organization administrators control whether all +members of an organization can push content to their personal namespaces on +Docker Hub. This helps organizations prevent developers from accidentally +publishing images outside of approved, governed locations. + +When namespace access control is enabled, affected users can still view and pull images +from their personal namespaces and continue accessing all existing repositories +and content. However, they will no longer be able to create new repositories or +push new images to their personal namespace. + +> [!IMPORTANT] +> +> For users in multiple organizations, if namespace access control is enabled in +> any organization, that user cannot push to their personal namespace and cannot +> create new repositories in their personal namespace. + +### Configure namespace access control + +To configure namespace access control: + +1. Sign in to [Docker Home](https://app.docker.com/) and select your + organization from the top-left account drop-down. +2. Select **Admin Console**, then **Namespace access**. +3. Use the toggle to enable or disable namespace access control. +4. Select **Save changes**. + +Once namespace access control is enabled, organization members can still view their +personal namespace and existing repositories but they will not be able to create +any new repositories or push any new images to existing repositories. + +### Verify access restrictions + +After configuring namespace access control, test that restrictions work correctly. 
+ +After any attempt to push to an existing repository in your personal namespace, +you'll see an error message like the following: + +```console +$ docker push /: +Unavailable +authentication required - namespace access restriction from an organization you belong to prevents pushing new content in your personal namespace. Restriction applied by: . Please contact your organization administrator +``` \ No newline at end of file diff --git a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md index a426a90c7ca0..b433b1e2053b 100644 --- a/content/manuals/enterprise/security/roles-and-permissions/core-roles.md +++ b/content/manuals/enterprise/security/roles-and-permissions/core-roles.md @@ -39,6 +39,7 @@ These permissions apply organization-wide, including all repositories in your or | Edit and delete publisher repository logos | ❌ | ✅ | ✅ | | Observe content engagement as a publisher | ❌ | ❌ | ✅ | | Create public and private repositories | ❌ | ✅ | ✅ | +| Disable public repositories | ❌ | ✅ | ✅ | | Edit and delete repositories | ❌ | ✅ | ✅ | | Manage tags | ❌ | ✅ | ✅ | | View repository activity | ❌ | ❌ | ✅ | @@ -68,6 +69,7 @@ beyond their organization role: | Export and reporting | ❌ | ❌ | ✅ | | Image Access Management | ❌ | ❌ | ✅ | | Registry Access Management | ❌ | ❌ | ✅ | +| Namespace access control | ❌ | ❌ | ✅ | | Set up Single Sign-On (SSO) and SCIM | ❌ | ❌ | ✅ \* | | Require Docker Desktop sign-in | ❌ | ❌ | ✅ \* | | Manage billing information (for example, billing address) | ❌ | ❌ | ✅ | diff --git a/content/manuals/platform-release-notes.md b/content/manuals/platform-release-notes.md index 81b6688ebe5a..abbc511fb6ce 100644 --- a/content/manuals/platform-release-notes.md +++ b/content/manuals/platform-release-notes.md 
@@ -12,6 +12,12 @@ tags: [Release notes, admin] This page provides details on new features, enhancements, known issues, and bug fixes across Docker Home, the Admin Console, billing, security, and subscription functionalities. +## 2026-02-05 + +### New + +- Administrators can now control whether organization members can push content to their personal namespaces on Docker Hub with [namespace access control](/manuals/enterprise/security/hardened-desktop/namespace-access.md). + ## 2026-01-27 ### New diff --git a/data/summary.yaml b/data/summary.yaml index 8fd6147eaa16..d1fd58771ff4 100644 --- a/data/summary.yaml +++ b/data/summary.yaml @@ -218,8 +218,14 @@ GitHub Actions cache: Hardened Docker Desktop: subscription: [Business] for: Administrators +Disable public repositories: + subscription: [Team, Business] + for: Administrators Image management: availability: Beta +Namespace access: + subscription: [Business] + for: Administrators Immutable tags: availability: Beta Import builds:
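Review bot: In content/manuals/docker-hub/repos/_index.md the final list item, `- [Delete](./delete.md) a repository.`, now ends the file without a trailing newline (`\ No newline at end of file`). The new settings.md and namespace-access.md files end the same way. Restore the final newline in each so that later edits do not show the last line as modified.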
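Review bot: Deleting content/manuals/docker-hub/repos/settings.md removes that page's URL, and the front matter of the replacement content/manuals/docker-hub/settings.md (description, keywords, title, weight) has no `aliases:` entry for the old path. Add the old path as an alias on the new page so that bookmarks and inbound links to the former "Personal settings for repositories" page keep resolving.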
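Review bot: The note under "Configure default repository privacy" in content/manuals/docker-hub/settings.md says the default cannot be configured when **Disable public repositories** is enabled, but nothing in either section says which visibility a repository gets when `docker push` creates it in that state, or what happens to repositories that are already public when the toggle is turned on. State both outcomes explicitly, because an administrator enabling this control needs to know whether existing public content stays exposed. The heading "Configure disable public repositories" also reads awkwardly. If it is reworded, update the `#configure-disable-public-repositories` anchors in this file and the link in docker-hub/release-notes.md in the same change.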
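Review bot: In namespace-access.md the "Verify access restrictions" example reads `$ docker push /:` and the message ends with "Restriction applied by: .", so the namespace, repository, tag and organization placeholders are empty as shown here. Use named placeholders that survive rendering. The same section says to "test that restrictions work correctly" but gives no step to run, and it only covers pushing to an existing repository even though the page says repository creation is blocked too. Add the push command as an explicit step and mention the expected result for a new repository. The two `###` headings also sit directly under the page title with no `##` level above them, and the paragraph after step 4 repeats the second introductory paragraph.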
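Review bot: In data/summary.yaml the two new keys break the alphabetical order that the surrounding entries follow: `Disable public repositories:` is inserted between `Hardened Docker Desktop:` and `Image management:`, and `Namespace access:` between `Image management:` and `Immutable tags:`. Move each key to its sorted position so that the `summary-bar feature_name` lookups added in settings.md and namespace-access.md are easy to find and duplicate keys are easier to spot.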