- Overview
- Getting Started
- Quick Start Guide
- Core Concepts
- Users
- Models
- Creating a Model
- Model Card
- Creating a Release
- Uploading Files
- Uploading Images
- Model Templating
- Data Cards
- Creating a Data Card
- Managing Data Cards
- Using a Model
- Browsing the Marketplace
- Requesting Access
- Using a Pushed Docker Image
- Downloading Files
- Reviews
- Understanding Reviews
- Reviewing
- Reviewing a Release
- Reviewing an Access Request
- Reviewing a Model Card Lifecycle
- Review Outcomes
- Security Scanning
- File Scanning
- Image Scanning
- Inferencing
- Creating an Inference Service
- Managing Inference Services
- Model Mirroring
- Creating a Mirrored Model
- Editing a Mirrored Model Card
- Untrusted Models
- Untrusted Models
- Deletion
- Deleting a File
- Deleting a Model
- Soft Deletion
- Programmatic Access
- Authentication
- Personal Access Tokens
- Python Client
- OpenAPI Reference
- Webhooks
- Administration
- Getting Started
- Deployment Architecture
- App Configuration
- Model Lifecycle Configuration
- Schemas
- Understanding Schemas
- Create a Schema
- Upload a Schema
- Schema Migrations
- Review Roles
- Managing Review Roles
- Assigning Roles to Schemas
- Federation
- Peer Integration
- Microservices
- Artefact Scanners
- Helm
- Basic Usage
- Configuration
- Isolated Environments
- Migrations
- Bailo v0.4
- Bailo v2.0
- DataBase Scripts
- Reference
- Glossary
- Roles & Permissions
- Troubleshooting & FAQ
Isolated Environments
Bailo is built to be deployed on isolated environments, where access to the internet is strictly regulated. To install Bailo on a segregated environment you will need the following dependencies.
Common questions this page answers:
- How do I deploy Bailo in an air-gapped environment?
- What dependencies does Bailo need for offline deployment?
- How do I configure the Trivy database in an isolated environment?
Helm charts
Bailo's Helm chart depends on Bitnami charts:
Docker images
These container images must be available in your connected registry:
- mongodb/mongodb-community-server:8.x-ubi9
- bitnamilegacy/minio:2025.x
- marlonb/mailcrab:v1.x
- nginxinc/nginx-unprivileged:1.x-alpine3.x-slim
- registry:3.x
- node:26.x-alpine
These are regularly updated. To retrieve the latest versions used, check ./compose.yaml and ./backend/Dockerfile.
These versions can be configured using the tag attribute for each image in values.yaml to override the defaults. In
general, keeping to the same major version will maintain compatibility with Bailo.
NPM
Bailo relies on many NPM (Node Package Manager) packages. The full list is available in package-lock.json,
frontend/package-lock.json and backend/package-lock.json. Most are standard packages with the exception of:
sharp, which is an optimised image transformer and requires some compilation toolscypress, which is a user interface testing tool and requires a Chromium download
sharp includes instructions on installing / building without internet here.
Instructions on installing cypress without internet are available
here.
Trivy database
In isolated environments, Trivy may need custom configuration to access its vulnerability database.
To give greater visibility of Bailo's registry and it's containing images, some environments may use Trivy to scan for threats, packages and more.
In order for the scanner to keep up to date with current threats of images in isolated environments, Trivy may require a custom setup to pull the necessary database.
There are a number of environment variables that can be configured to customise the database. They are configured in our
artefactscan container and all prefixed with TRIVY_:
-
TRIVY_DB_HOSTNAME=ghcr.io- Host to retrieve the database from -
TRIVY_DB_IMAGE=ghcr.io/aquasecurity/trivy-db:2- Image to retrieve the database from -
TRIVY_DB_TLS_VERIFY=True- Enable or disable TLS (Transport Layer Security) verification or use a path to point to a custom certificate -
TRIVY_DB_INSECURE=False- Enable if database host is not using TLS or has a custom certificate implementation -
TRIVY_DB_USERNAME- Registry login username -
TRIVY_DB_PASSWORD- Registry login password
Copyright © Crown Copyright 2026.
