Hi Robin,

One feature that could be great is to get a mirror repository for packages (nuget, docker, npm...) where :

• package and version are validated (not upgrade automatically)
• transitives packages dependencies are also checked

The mains goals of a such approach is :

1. being totally independent of any external service : my CI can be offline (no internet connection) and I'm still able to build !
2. precise control of dependency : any dependency other that one in these private mirrors are not available, protect against some supply chain attacks.

Thanks