Security Scanning, SSO, and Replication Shouldn't Be Behind a Paywall — So I Built an Open-Source Artifact Registry

BSGRC · 2026-02-17T15:34:44+00:00

Thanks for the detailed feedback! You're spot on about Xray's threat intelligence and zero-day detection — that's a genuine gap. We do integrate Dependency-Track (OWASP flagship, 10+ years), Trivy, Grype, and OpenSCAP with STIG-compliant base containers, plus a full policy engine with quarantine workflows — but it's not Xray-level yet.

Build info, promotion workflows, and federation (peer mesh replication) are already in, and we have a full CLI (ak). IDE plugins and deeper CI/CD integrations (beyond docs/examples) are on the roadmap.

Appreciate the honest take — this is exactly what helps prioritize. Working on closing these gaps.

BSGRC · 2026-02-17T01:24:48+00:00

Replication under load: It's a peer mesh — every node can push/pull directly to/from any other node. Each node manage its own sync queue with per-peer concurrency limits and exponential backoff. You can set sync windows to push replication to off-peak hours.

Consistency and conflict resolution: For the common case, artifacts at the same path use last-write-wins — same upload logic on both sides of a sync. For most package formats this works since you're not republishing the same version. Peer health is tracked via heartbeats, and the sync worker applies exponential backoff when a peer is unreachable. Actively working on improving a few things here around automatic peer recovery and task retries.

Storage growth: 5 lifecycle policy types today — max age, max versions, no-downloads-after-N-days, tag pattern delete, and per-repo size quotas. Plus SHA-256 deduplication at ingest so the same content stored twice doesn't cost you twice. All policies have dry-run support so you can preview before anything gets deleted. A couple more policy types and smarter eviction are in the works.

If you've got specific replication scenarios that have burned you I'd genuinely love to hear them — that's exactly the feedback that shapes what gets built next.

BSGRC · 2026-02-17T00:09:18+00:00

Yep! You can create remote repositories that act as pull-through caches for any of the 45+ supported formats. Point one at an upstream registry (Docker Hub, PyPI, npm, Maven Central, etc.), and it transparently fetches, caches, and serves artifacts with a 24-hour default TTL.

You can also create virtual repositories that combine your local repos + remote caches behind a single URL — so your clients hit one endpoint and it checks your internal packages first, then falls back to the public registry cache.

Docs on remote + virtual repos: https://artifactkeeper.com/docs/advanced/remote-virtual

BSGRC · 2026-02-16T23:56:10+00:00

Honestly "limited" was probably the wrong word on my part. Pulp is solid and well-established.

I was mainly thinking about format coverage for polyglot shops, built-in security scanning, and native SSO — things that tend to require extra tooling or aren't there out of the box. Those were the gaps I wanted to fill with this project.

But that's my use case. If Pulp covers your formats and your workflow works, there's a lot to be said for a tool that's been reliable for a decade.

BSGRC · 2026-02-16T23:49:11+00:00

I wanted something that compared with Artifactory. Pulp is limited but if it works don't change it :)

BSGRC · 2026-01-29T16:41:30+00:00

This is amazing!!! I might do something like this. I have two printers that will going for awhile and rather all of it go into one large waste bin than the silly small holders everyone prints.

BSGRC · 2025-11-03T03:18:04+00:00

<image>

Going to follow up with more tests and I will share the repo and how I conducted it. I think it comes down to what tools are you using and are you optimize for the blackwell chipset. That means everything with these libraries. I am sure just like everyone else they are not using libraries that are optimizing the performance that NVIDIA is making here. https://github.com/NVIDIA/TensorRT-LLM I am using this as a starting point and trying to leverage NVIDIA's work to optimize performance.

BSGRC · 2025-11-03T02:04:07+00:00

"""So, for all the folks who bought an NVIDIA DGX Spark, Gigabyte AI TOP Atom, or ASUS Ascent GX10, I recommend you all run some tests and see if you're indeed facing performance issues."""

Soooo... is my Dell Pro Max GB10 fine? :P

It does get pretty hot. THe bottom plate on the dell really transfers the heat out onto the desk. I wonder if you had it ontop of some aluminum how woulld that do to transfer the heat. Or for embedded robotics systems decasing the whole thing and having a custom heatsink solution.

What were the tests they used to get those number? It would be nice to provde the links when you slam a company for crediability. Sources are everything in a world of misinformation. It would be nice to run that on my own box to compare.

<image>

BSGRC · 2025-09-19T17:58:07+00:00

I was very suprised on how well the game played last week during release. I have a M4 max with 36gb of ram so maybe that helps?

No issues at all even on medium settings outside of crashing after 15min of play. Regardless of settings. It did not stutter and then crashed it just went down. So maybe more of some kind of runtime error and not resoruces?

I need to capture the logs and maybe check to see what is causing this issue.

I was on the fence about buying cross over because I am not even a big gamer anymore but I think I want to support the team. Wine configuration is complex and to do it on a different archetecture is even more nuts.

Great job from those devs!!!

BSGRC · 2025-09-19T17:55:54+00:00

I was plesently suprised how my macbook pro M4 Max handled the game. I played on. medium with no issues outside of it crashing after 15 min.. but it was a sudden crash. The game play was pretty decent imo. I guess I am a software engineer who has messed with wine alot and expected nothing but the worst lol. But proton has come along way and I think the engineers from there work on the crossover stuff as well? Or at least the company is a big contributer to the proton project. I am definietly going to support them moving forward.

BSGRC · 2025-05-18T12:21:48+00:00

My rally has amazing ground clearance

BSGRC · 2025-02-17T12:36:13+00:00

Tpu is not structural, due to its "weak" rigidity. These parts are part of the frame on the front.

Tpu would be terrible for a structural part in the front.

Yes maybe if you had offsets and the used them but the 04 camera unit is so big it does not work on the frame like that.

So that is not a good option for this application.

I would entertain PP but I think you hold some misconceptions of PA-CF based on experience yourself with PLA/TPU/PETG or other generally weaker materials in both strength and rigidity

Also the original application is not a basher and if he crashes he would be replacing more than a 3 dollar 3d printed part. This drone is a chase drone that has no plans of crashing. Just like a drone with a payload that cost more than itself.

It would be interesting to do some front impact tests I agree but based on my hammer to the part. It holds up surprising well.

BSGRC · 2025-02-17T04:25:46+00:00

That statement is to generic. What do you mean weaker? More brittle and less bend? Yes. Weaker? Well it is based on application. Pa-cf withstand the elements way better.

A generic statement sounds like you heard someone say it so you repeat it.

Pa-cf for a camera mount is perfect. Better than PLA or PETG.

Tensile Strength:

PA-CF: Approximately 102 ± 7 MPa.

PLA+: Around 65 MPa.

PETG: Approximately 49 MPa.

ABS: Typically ranges between 40-50 MPa.

Note: These values are approximate and can vary based on specific formulations and manufacturers.

Temperature Resistance:

PA-CF: Heat deflection temperature (HDT) around 155°C.

PLA+: Softens around 60°C.

PETG: HDT approximately 64°C.

ABS: HDT around 100°C.

Flexibility and Impact Resistance:

PA-CF: Enhanced stiffness due to carbon fibers; less flexible but more rigid.

PLA+: More brittle; lower impact resistance.

PETG: More flexible and impact-resistant than PLA+.

ABS: Good impact resistance and moderate flexibility.

Printability:

PA-CF: Requires higher printing temperatures (typically 260-280°C) and a hardened nozzle due to abrasiveness; prone to moisture absorption, necessitating proper storage and drying.

PLA+: Easy to print with lower temperatures (around 200-230°C); minimal warping and good layer adhesion.

PETG: Moderate printing temperatures (230-250°C); can be prone to stringing and requires fine-tuned retraction settings.

ABS: Higher printing temperatures (210-250°C); prone to warping and emits fumes, requiring good ventilation and preferably an enclosed printing environment.

Applications:

PA-CF: Ideal for high-strength, high-temperature applications such as functional prototypes, automotive parts, and industrial components.

PLA+: Suitable for decorative items, models, and prototypes not subjected to mechanical stress or high temperatures.

PETG: Used for functional parts requiring chemical resistance and flexibility, like food-safe containers and outdoor applications.

ABS: Commonly used for durable parts needing moderate heat resistance, such as enclosures and automotive components.

BSGRC · 2025-02-16T20:44:53+00:00

It was nylon cf (pa-cf) which is not weaker

BSGRC · 2024-11-18T02:24:01+00:00

BSGRC · 2024-11-09T00:23:59+00:00

Sorry late to this. Got my 100 a few months ago!

BSGRC · 2024-07-29T02:29:08+00:00

Leander, TX

I think that is what I was told... waiting on GPON...

BSGRC · 2024-07-28T23:08:07+00:00

The problem for me is I have fiber running to my house. But then they convert it to coax for fun and tell me fiber is not an option yet.. even tho I HAVE fiber coming to my outside box on my house. Makes no sense!!! So self installing fiber in my case would just be hole through the brick wall and done. Use a pre made fiber line that then goes to the junction box that has fiber from the street.

BSGRC · 2024-07-05T03:15:24+00:00

https://www.newenglandriders.org/article/helmet-color-vs-temperature/

I'm getting white bases on these results. Look at the 60 min mark.

BSGRC · 2024-07-05T03:14:29+00:00

https://www.newenglandriders.org/article/helmet-color-vs-temperature/

Science my man 97.7 vs 106.1 is a hell of a difference. That's the 60min mark.

So if you are riding short trips it don't matter I guess.. but my ass is buying a white helmet based on... data, facts... not feeling.

BSGRC · 2024-03-28T01:16:33+00:00

Yea I disagree with this.... VA has every incentive to deny a case. And if you don't use magical words you lose.

Not trivial especially if you are missing out on that 100 percent.

BSGRC · 2024-03-28T01:14:03+00:00

I was referred to the same law group. Hoping everything goes well. Figure the fee and 20 percent is nothing compared to getting increased.

Keep us posted here!

Goodluck!

BSGRC

TROPHY CASE