UDS Registry: DoD Software Catalog

Defense Unicorns's profile picture
Defense Unicorns

Software delivery in the DoD isn’t getting any easier. The complexity of managing secure, compliant software across classified, airgapped, and tactical environments has only grown. Operators need software when and where they need it, not months later, buried under layers of bureaucracy and security hurdles.

That’s why we built UDS Registry—a lightweight, purpose-built registry that ensures mission-critical applications are easily discoverable, securely managed, and rapidly deployable. Unlike traditional container registries, UDS Registry doesn’t just store software—it makes it usable, visible, and secure from day one.

Why Another Registry?

There are already plenty of registries out there, but none of them solve the problem that UDS Registry does.

They weren’t built for airgapped, highly regulated, and mission-critical environments.

As Jeff McCoy, one of the architects behind UDS Registry, put it:

"If you were to take these exact same artifacts and put them into Harbor or Docker Hub or any other registry, you wouldn't have any of this data."

Traditional registries just store containers. UDS Registry does much more.

  • Tracks vulnerabilities in real-time, so teams understand the risk posture of their software before deploying it.
  • Preserves full security metadata, ensuring compliance in disconnected environments.
  • Optimizes for low-resource environments, running on just 0.13 CPUs and 27MB of RAM.
  • Gives teams full control over their software—no reliance on external cloud services or vendor lock-in.

We built UDS Registry because Harbor was too heavy, Docker Hub was too open, and existing solutions didn’t give us the security insights we needed.

"We wanted to build something that we could fully control and would give us all the things we needed, and then we could iterate on quickly." — Jeff McCoy

So we did.

What Makes UDS Registry Different?

It’s Built for Operators, Not Just Developers

Most registries are designed for developers shipping to production, not operators in the field who need to deploy and manage secure software in airgapped environments.

UDS Registry is designed for both.

  • Full Software Bill of Materials (SBOM) – Know exactly what’s inside every package.
  • Versioning & Rollback Support – Revert to stable builds when needed.
  • Namespace Management – Organize software by unit, platform, or security classification.

If software delivery stalls missions, it’s not working. UDS Registry ensures it does.

Security is Built In, Not Bolted On

Most registries assume you have external security tooling to manage vulnerabilities. That doesn’t work in classified, disconnected, or tactical environments.

UDS Registry bakes security in from the start.

  • Automated CVE Scanning – Every package is scanned for vulnerabilities before deployment.
  • Immutable Packages – Signed and validated, so nothing changes between environments.
  • ATO-Ready Documentation (Coming Soon) – Security & Compliance data bundled with packages to speed up approvals.

"The idea is just giving you all the data that you don't have today." — Jeff McCoy

With UDS Registry, security isn’t a separate step—it’s part of the package.

API-Driven for Automation and Integration

Most defense systems rely on manual approvals, spreadsheets, and slow-moving processes. That’s not sustainable.

UDS Registry is fully API-driven, making it easy to automate deployment workflows.

"Everything you're looking at is API-driven. So the pieces, even the CVE accounts, all those things that you're seeing, are driven by that." — Jeff McCoy

This means:

  • Seamless integration with CI/CD pipelines
  • Automated compliance checks before deployment
  • Faster, repeatable deployments without human bottlenecks

If it’s not able to be automated, it’s not scalable. UDS Registry makes secure software deployment scalable.

What UDS Registry is NOT

Not every tool solves every problem. UDS Registry isn’t trying to be everything—it’s trying to be the best at what it does.

🚫 Not a replacement for CI/CD – It integrates with existing DevSecOps tools but doesn’t replace them.

🚫 Not a runtime monitoring solution – It ensures software is secure before deployment, not after.

🚫 Not a generic artifact repository – It’s designed specifically for UDS and Zarf packages (for now).

🚫 Not a ClickOps tool – It’s API-first, built for automation.

Why It Matters

We built UDS Registry because defense software delivery is broken. The old way—manual approvals, fragmented tools, and inconsistent deployments—doesn’t scale.

Mission teams need:

Faster Deployments – No more waiting months for software approvals.

Stronger Security – No more deploying vulnerable packages without knowing it.

Consolidated Visibility – No more guessing what’s inside a package or who’s responsible for it.

More Control – No more reliance on third-party registries with unknown security postures.

If software supply chain security matters to you, UDS Registry isn’t optional—it’s essential.

Want to Learn More?

Check out the UDS Registry Docs page here. https://uds.defenseunicorns.com/registry/overview/

Software delivery for defense and national security doesn’t have to be slow, insecure, or frustrating. UDS Registry proves there’s a better way.

Related Articles

UDS: ATO in Days, Not Months
UDS: ATO in Days, Not Months
The Strategic Reasons for DevSecOps
The Strategic Reasons for DevSecOps
Defense Unicorns Transforms Software Delivery to the Tactical Edge for U.S. Department of Defense
Defense Unicorns Transforms Software Delivery to the Tactical Edge for U.S. Department of Defense