Docker Hub Data Source

The Docker Hub connector enables you to ingest repository metadata, image tags, audit log events, organization membership data, team structures, access tokens, and pending invites from your Docker Hub account. Follow the instructions below to create a new data flow that ingests data from a Docker Hub source in Nexla.

Docker Hub

Create a New Data Flow

1. To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Then, select the desired flow type from the list, and click the Create button.

2. Select the Docker Hub connector tile from the list of available connectors. Then, select the credential that will be used to connect to the Docker Hub instance, and click Next; or, create a new Docker Hub credential for use in this flow.

3. In Nexla, Docker Hub data sources can be created using pre-built endpoint templates, which expedite source setup for common Docker Hub endpoints. Each template is designed specifically for the corresponding Docker Hub API endpoint, making source configuration easy and efficient.
   • To configure this source using a template, follow the instructions in Configure Using a Template.

   Docker Hub sources can also be configured manually, allowing you to ingest data from Docker Hub endpoints not included in the pre-built templates or apply further customizations to exactly suit your needs.
   • To configure this source manually, follow the instructions in Configure Manually.

Configure Using a Template

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Docker Hub endpoints. Each template is designed specifically for the corresponding Docker Hub API endpoint, making data source setup easy and efficient.

Endpoint Settings

• Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below. Click on an endpoint to see more information about it and how to configure your data source for this endpoint.

List repositories in a namespace

Returns a paginated list of all repositories within a specified Docker Hub namespace (a user account or organization). Use this endpoint to inventory repositories, audit repository visibility settings, or synchronize repository metadata with external systems.

• Enter the Docker Hub namespace whose repositories you want to list in the Namespace field. A namespace is either a Docker Hub username (for personal repositories) or an organization name (for organization-owned repositories). For example, enter mycompany to list all repositories belonging to the mycompany organization.

This endpoint uses page-based pagination and fetches up to 100 repositories per page. Nexla automatically handles pagination, so all repositories in the namespace will be ingested across multiple pages as needed. The authenticated user must have read access to the specified namespace.

Get a repository

Returns detailed metadata for a single Docker Hub repository, including its name, description, visibility (public or private), pull count, star count, and the date it was last updated. Use this endpoint when you need detailed information about a specific repository.

• Enter the Docker Hub namespace (username or organization name) that owns the repository in the Namespace field.
• Enter the name of the repository in the Repository field. For example, if the full repository path is mycompany/my-app, enter mycompany as the namespace and my-app as the repository name.

This endpoint returns a single record for the specified repository. The authenticated user must have read access to the repository.

List repository tags

Returns all tags for a specified repository, including digest, compressed image size, architecture details, and the last-pushed timestamp for each tag. Use this endpoint to audit image versions, track release history, or monitor image freshness across a repository.

• Enter the Docker Hub namespace that owns the repository in the Namespace field.
• Enter the repository name whose tags you want to list in the Repository field. For example, for the repository mycompany/my-app, enter mycompany and my-app respectively.

This endpoint uses page-based pagination and fetches up to 100 tags per page. Nexla automatically handles pagination to retrieve all tags. Tags with the name latest or semantic version strings such as v1.2.3 are common values you will encounter in the results.

Get a repository tag

Returns metadata for a single image tag within a repository, including the image digest, compressed size, supported architectures, and last-pushed date. Use this endpoint when you need precise information about a specific image version.

• Enter the Docker Hub namespace that owns the repository in the Namespace field.
• Enter the repository name in the Repository field.
• Enter the tag name to retrieve in the Tag field. Common tag values include latest, release identifiers such as v1.2.3, or environment-specific tags such as production or stable.

List audit log events

Returns a paginated list of audit log events for a Docker Hub account (organization or user namespace). Audit logs record actions such as repository pushes, image pulls, member changes, token creation, and settings updates. Use this endpoint for security monitoring, compliance reporting, and change tracking.

• Enter the Docker Hub namespace (organization name or username) whose audit log events you want to retrieve in the Account (Namespace) field. For example, enter mycompany to retrieve audit events for the mycompany organization.

Audit log access requires that the authenticated user is an owner or has appropriate administrative permissions within the specified namespace. The Docker Hub API supports additional query parameters for filtering audit logs by action type, actor, resource name, and time window — these can be applied using the manual configuration mode if needed.

List organization members

Returns a paginated list of all members belonging to a Docker Hub organization. Use this endpoint to audit organization membership, synchronize user rosters with external identity systems, or track role assignments.

• Enter the Docker Hub organization name whose members you want to list in the Organization Name field. The authenticated user must be a member of the organization to retrieve this data.

This endpoint uses page-based pagination and fetches up to 100 members per page. Nexla automatically handles pagination to retrieve all members.

List organization teams

Returns a paginated list of teams (referred to as "groups" in the Docker Hub API) within a Docker Hub organization. Use this endpoint to inventory teams, audit team structures, or synchronize team configurations with external systems.

• Enter the Docker Hub organization name whose teams you want to list in the Organization Name field.

Docker Hub uses the term "groups" internally in the API to refer to what the UI displays as "teams." This endpoint fetches up to 100 teams per page and Nexla handles pagination automatically.

Get organization settings

Retrieves the current settings for a Docker Hub organization, such as restricted image policies and member access configurations. Use this endpoint to audit organizational governance settings or track configuration changes over time.

• Enter the Docker Hub organization name whose settings you want to retrieve in the Organization Name field. The authenticated user must have owner-level access to the organization to read its settings.

Organization settings such as restricted images are available on Docker Hub Business plans. The response for organizations on lower-tier plans may return a limited set of settings fields.

List personal access tokens

Returns a paginated list of all Personal Access Tokens (PATs) associated with the authenticated Docker Hub user account, including token labels, UUIDs, scopes, and active status. Use this endpoint to audit existing tokens or track token lifecycle for security governance purposes.

• No additional parameters are required for this endpoint. Nexla will automatically retrieve all PATs for the authenticated user account.

This endpoint returns token metadata only — it does not return the actual token secret values, as those are only accessible at the time of creation. This endpoint fetches up to 100 tokens per page and Nexla handles pagination automatically.

List members of an organization team

Returns a paginated list of members belonging to a specific team (group) within a Docker Hub organization. Use this endpoint to audit team membership, verify access assignments, or synchronize team rosters with external systems.

• Enter the Docker Hub organization name that owns the team in the Organization Name field.
• Enter the team name whose members you want to list in the Team Name field. This corresponds to the group name as it appears in Docker Hub.

This endpoint uses page-based pagination and fetches up to 100 members per page. Nexla automatically handles pagination. The endpoint also supports filtering by username, full name, or email address using manual configuration if needed.

List organization pending invites

Returns all pending membership invitations for a Docker Hub organization. Use this endpoint to audit outstanding invitations, track onboarding status, or identify invitations that have not yet been accepted.

• Enter the Docker Hub organization name whose pending invites you want to retrieve in the Organization Name field. Only team owners have permission to view organization invitations.

This endpoint returns only invites that are still in a pending (unaccepted) state. Accepted or expired invitations will not appear in the results.

List organization access tokens (OATs)

Returns a paginated list of Organization Access Tokens (OATs) for a Docker Hub organization. OATs are distinct from personal PATs and are designed for organization-level automation and CI/CD pipelines. Use this endpoint to audit OAT configurations and active status across your organization.

• Enter the Docker Hub organization name whose OATs you want to list in the Organization Name field. The authenticated user must have owner-level permissions within the organization to access OAT data.

Organization Access Tokens (OATs) are a Docker Hub feature for organizations that need non-human service accounts to authenticate with the Docker Hub API. OAT metadata is returned, but the token secret values are not included in API responses after initial creation.

Endpoint Testing

Once the selected endpoint template has been configured, Nexla can retrieve a sample of the data that will be fetched according to the current settings. This allows users to verify that the source is configured correctly before saving.

• To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

• If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Configure Manually

Docker Hub data sources can be manually configured to ingest data from any valid Docker Hub API endpoint. Manual configuration provides maximum flexibility for accessing endpoints not covered by pre-built templates or when you need custom API configurations, such as adding audit log filters for specific time windows or action types.

With manual configuration, you can also create more complex Docker Hub sources, such as sources that use chained API calls to fetch data from multiple endpoints or sources that require custom request parameters.

API Method

1. To manually configure this source, select the Advanced tab at the top of the configuration screen.

2. Select the API method that will be used for calls to the Docker Hub API from the Method pulldown menu. The most common methods are:

   • GET: For retrieving data from the API — used by all Docker Hub read endpoints.
   • POST: For sending data to the API or triggering actions.

API Endpoint URL

3. Enter the URL of the Docker Hub API endpoint from which this source will fetch data in the Set API URL field. All Docker Hub API endpoints use the base URL https://hub.docker.com/v2/. For example:
   • https://hub.docker.com/v2/namespaces/myorg/repositories — lists repositories for the myorg namespace.
   • https://hub.docker.com/v2/auditlogs/myorg — retrieves audit log events for myorg.
   • https://hub.docker.com/v2/orgs/myorg/members — lists organization members.

The complete Docker Hub API reference, including all available endpoint URLs and their required parameters, is available at https://docs.docker.com/reference/api/hub/latest/.

Date/Time Macros (API URL)

Optional

Optionally, the API URL can be customized using macros—all macros added to the API URL will be converted into values when Nexla executes the API call. Macros are dynamic placeholders that allow you to create flexible API endpoints that can adapt to different time periods or data requirements. This is particularly useful for Docker Hub audit log endpoints that support from and to timestamp query parameters.

Date/time macros are especially useful when querying the Docker Hub audit logs endpoint with time-window parameters, enabling you to incrementally fetch only new audit log events on each run.

1. To add a macro, type { at the appropriate position in the API URL (within the Set API URL field), and select the desired macro from the dropdown list.

   • {now} – The current datetime
   • {now-1} – The datetime one time unit before the current datetime
   • {now+1} – The datetime one time unit after the current datetime
   • custom – Datetime macros can reference any number of time units before or after the current datetime—for example, enter (now-4) to indicate the datetime four time units before the current datetime

2. Select the format that will be applied to datetime macros from the Date Format for Date/Time Macro pulldown menu. This format will be applied to the base datetime value of the macro—i.e., the value of {now} in {now-1}.

3. Select the datetime unit that will be used to perform mathematical operations in the included macro(s) from the Time Unit for Operations pulldown menu—for example, for the macro {now-1}, when Day is selected, {now-1} will be converted to the datetime one day before the current datetime.

Lookup-Based Macros (API URL)

Optional

Column values from existing lookups can also be included as macros in the API URL. Lookup-based macros allow you to reference data from previously configured data sources or lookups, enabling dynamic API endpoints that can adapt based on existing data.

Lookup-based macros are useful for Docker Hub scenarios such as dynamically building tag list URLs from a repository list retrieved in a prior step, allowing multi-step data pipelines.

1. To include a lookup column value macro, select the relevant lookup from the Add Lookups to Supported Macros pulldown menu.

2. Type { at the appropriate position in the API URL, and select the lookup column-based macro from the dropdown list. Lookup-based macros are automatically populated into the macro list when a lookup is selected in the Add Lookups to Supported Macros pulldown menu.

Path to Data

Optional

If only a subset of the data returned by the Docker Hub API endpoint is needed, you can designate the part(s) of the response that should be included in the Nexset(s) produced from this source by specifying the path to the relevant data within the response. Docker Hub API responses frequently wrap result arrays inside a results or logs property along with pagination metadata.

For example, most Docker Hub list endpoints return a structure like {"count": 42, "results": [...]} — by entering $.results[*] as the path to data, Nexla will treat each element of the results array as an individual record.

Path to Data is essential when working with Docker Hub responses that use nested structures. Without specifying the correct path, Nexla may not be able to properly parse and organize your data into usable records.

• To specify which data should be treated as relevant in responses from this source, enter the path to the relevant data in the Set Path to Data in Response field.

  • For responses in JSON format, enter the JSON path that points to the object or array that should be treated as relevant data. JSON paths use dot notation (e.g., $.results[*] for the standard Docker Hub list response format, or $.logs[*] for audit log responses).
  Path to Data Example:

  For the Docker Hub List repositories endpoint, the response contains a top-level results array. Enter $.results[*] as the path to data so that Nexla treats each repository object as an individual record. For the audit logs endpoint, use $.logs[*] instead.

Autogenerate Path Suggestions

Nexla can also autogenerate data path suggestions based on the response from the API endpoint. These suggested paths can be used as-is or modified to exactly suit your needs.

• To use this feature, click the Test button next to the Set API URL field to fetch a sample response from the API endpoint. Suggested data paths generated based on the content & format of the response will be displayed in the Suggestions box below the Set Path to Data in Response field.

• Click on a suggestion to automatically populate the Set Path to Data in Response field with the corresponding path. The populated path can be modified directly within the field if further customization is needed.

  

Metadata

If metadata is included in the response but is located outside of the defined path to relevant data, you can configure Nexla to include this data as common metadata in each record. For Docker Hub API responses, this is useful for preserving pagination context (such as count or next page URLs) or request-level metadata that applies to all records in the result set.

Metadata paths are particularly useful for preserving Docker Hub API response context like total record counts, request timestamps, or pagination summary information that applies to all records in the response.

• To specify the location of metadata that should be included with each record, enter the path to the relevant metadata in the Path to Metadata in Response field.

  • For responses in JSON format, enter the JSON path to the object or array that contains the metadata.

Request Headers

Optional

• If Nexla should include any additional request headers in API calls to this source, enter the headers & corresponding values as comma-separated pairs in the Request Headers field (e.g., header1:value1,header2:value2). Additional headers may be required for specific Docker Hub API features such as content negotiation or API version pinning.

  You do not need to include the Authorization header in this field — Nexla automatically includes the bearer token from your Docker Hub credential in every API request.

Endpoint Testing

After configuring all settings for the selected endpoint, Nexla can retrieve a sample of the data that will be fetched according to the current configuration. This allows users to verify that the source is configured correctly before saving.

• To test the current endpoint configuration, click the Test button to the right of the endpoint selection menu. Sample data will be fetched & displayed in the Endpoint Test Result panel on the right.

• If the sample data is not as expected, review the selected endpoint and associated settings, and make any necessary adjustments. Then, click the Test button again, and check the sample data to ensure that the correct information is displayed.

Save & Activate the Source

1. Once all of the relevant steps in the above sections have been completed, click the Create button in the upper right corner of the screen to save and create the new Docker Hub data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.