- Overview
- Users
- Managing Models and Releases
- Uploading Artifacts
- Creating a Model
- Completing the Model
- Creating a Release
- Uploading Files
- Uploading Images
- Using a Model
- Requesting Access
- Personal Access Tokens
- Using a Pushed Docker Image
- Downloading files
- Model Mirroring
- Creating a Mirrored Model
- Editing a Mirrored Model Card
- Reviews
- Reviewing Releases and Access Requests
- Reviewing a Release
- Reviewing an Access Request
- Reviewed Releases and Access Requests
- Releases
- Access Requests
- Programmatically using Bailo
- Authentication
- Open API
- Webhooks
- Python Client
- Administration
- Getting Started
- App Configuration
- Microservices
- File Scanners
- Helm
- Basic Usage
- Configuration
- Isolated Environments
- Schema
- Create a Schema
- Upload a Schema
- Migrations
- Bailo v0.4
- Bailo v2.0
- DataBase Scripts
Isolated Environments
Bailo is built to be deployed on isolated environments, where access to the internet is strictly regulated. To install Bailo on a segregated environment you will need the following dependencies.
Helm Charts
We rely on the following Bitnami charts:
Docker Images
We rely on the following images:
- mongodb/mongodb-community-server:8.2.2-ubi9
- bitnami/minio:2025.7.23
- marlonb/mailcrab:v1.6.2
- nginxinc/nginx-unprivileged:1.28.0-alpine3.21-slim
- registry:3.0.0
- node:24.11.1-alpine
These are regularly updated. To retrieve the latest versions used, check ./compose.yaml and ./backend/Dockerfile.
These versions can be configured using the tag attribute for each image in values.yaml to override the defaults. In
general, keeping to the same major version will maintain compatibility with Bailo.
NPM
We rely on many NPM packages. The full list is available in package-lock.json, frontend/package-lock.json and
backend/package-lock.json. Most are standard packages with the exception of:
sharp, which is an optimised image transformer and requires some compilation tools.cypress, which is a user interface testing tool and requires a Chromium download.
sharp includes instructions on installing / building without internet here.
Instructions on installing cypress without internet are available
here.
Trivy Database
To give greater visibility of Bailo's registry and it's containing images, some environments may use Trivy to scan for threats, packages and more.
In order for the scanner to keep up to date with current threats of images in isolated environments, Trivy may require a custom setup to pull the necessary database.
There are a number of environment variables that can be configured to customise the database. They are configured in our
artefactscan container and all prefixed with TRIVY_:
-
TRIVY_DB_HOSTNAME=ghcr.io- Host to retrieve the database from -
TRIVY_DB_IMAGE=ghcr.io/aquasecurity/trivy-db:2- Image to retrieve the database from -
TRIVY_DB_TLS_VERIFY=True- Enable or disable TLS verification or use a path to point to a custom certificate -
TRIVY_DB_INSECURE=False- Enable if database host is not using TLS or has a custom certificate implementation -
TRIVY_DB_USERNAME- Registry login username -
TRIVY_DB_PASSWORD- Registry login password
Copyright © Crown Copyright 2026.