Request for comments (RFC): Immutable tag support for container registry

Overview

We are exploring introducing immutable tag support within Bitbucket Cloud Packages, specifically in the Container Registry.

Immutable tags ensure that once an image is published, its tag cannot be overwritten or deleted. This helps strengthen security, improve reliability, and provide stronger guarantees around artifact integrity.

We would love your feedback on whether immutable tags are important for your workflows and whether enforcing immutability at the workspace level feels like the right approach.

Background

The Bitbucket Cloud Container Registry is now generally available, allowing teams to publish, manage and consume container images directly inside their workspaces. Images are linked to repositories and inherit repository permissions by default.

  • Admin: Create packages linked to repositories and delete images

  • Write: Push container images and delete image tags

  • Read: Pull images from the registry

Container Registry is part of Bitbucket Cloud's native package management. We will expand support to ecosystems like NPM, Maven, PyPI, and NuGet, and improve authentication, workspace-wide access, and other features based on your feedback.

Across many conversations, customers have consistently highlighted that immutable tags are critical for both security and reliability. This RFC focuses on how we are thinking about delivering that capability.

Problem

Today, image tags can be overwritten or deleted. This can lead to situations where previously validated images change unexpectedly, pipelines pull different content under the same tag, incident debugging becomes more difficult, and compliance controls become harder to enforce.

For many teams, especially those operating in production or regulated environments, immutability is a prerequisite for adopting a registry as a trusted system.

Proposal

We propose immutable tags for Container Registry. Workspace admins can define patterns for tags that would be immutable for images in the workspace. Once created, such tags can’t be updated or deleted by developers. These patterns apply across all repositories and images to prevent misconfiguration.

We’d love your feedback

We'd love your thoughts on the proposed approach for immutable tags, and your views on:

  • Are immutable tags important for your workflows, especially in production?

  • Is workspace-level immutability the right default model?

  • Are there scenarios where this approach feels too restrictive?

If you have feedback on the packages feature or other requests, please share them below. Your input will guide how we design and launch this and other capabilities. We will review responses and adjust the approach as needed.

Your feedback is crucial to refining this feature to ensure it meets customer needs. Let us know what you think in the comments below.
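To make the rule in the Proposal section concrete, here is an added sketch (not part of the original post and not Bitbucket's implementation) of a registry-side check for workspace-level immutable tag patterns. The glob pattern syntax, the function names, the sample patterns and digests, and the choice to accept a re-push of an identical digest are all assumptions; the RFC does not define them.

```python
from fnmatch import fnmatchcase

# Hypothetical workspace policy. Glob syntax is an assumption: the RFC does
# not say how patterns are written.
IMMUTABLE_PATTERNS = ["v*", "release-*", "prod"]


def is_immutable(tag, patterns=IMMUTABLE_PATTERNS):
    """True if the tag matches any workspace-level immutable pattern."""
    return any(fnmatchcase(tag, p) for p in patterns)


def decide(registry, image, tag, action, digest=None, patterns=IMMUTABLE_PATTERNS):
    """Return (allowed, reason) for a 'push' or 'delete' of image:tag.

    registry maps (image, tag) -> digest for tags that already exist.
    """
    if action not in ("push", "delete"):
        raise ValueError(f"unknown action: {action}")
    if not is_immutable(tag, patterns):
        return True, "tag is not covered by an immutable pattern"
    current = registry.get((image, tag))
    if current is None:
        return True, "tag does not exist yet"
    if action == "push" and current == digest:
        # Assumption: re-pushing identical content changes nothing, so allow it.
        return True, "same digest, tag is unchanged"
    verb = "overwritten" if action == "push" else "deleted"
    return False, f"immutable tag {tag} -> {current} cannot be {verb}"


def enforce(registry, image, tag, action, digest=None, patterns=IMMUTABLE_PATTERNS):
    """Apply the request to the registry only if the policy allows it."""
    allowed, reason = decide(registry, image, tag, action, digest, patterns)
    if allowed and action == "push":
        registry[(image, tag)] = digest
    elif allowed:
        registry.pop((image, tag), None)
    return allowed, reason


if __name__ == "__main__":
    # Constructed sample state: one published release tag and a mutable tag.
    reg = {("team/api", "v1.4.0"): "sha256:1111", ("team/api", "latest"): "sha256:1111"}
    for req in [("v1.4.0", "push", "sha256:2222"), ("latest", "push", "sha256:2222"),
                ("v1.4.0", "delete", None), ("v1.5.0", "push", "sha256:2222")]:
        print(req, "->", enforce(reg, "team/api", *req))
```

Because the patterns are evaluated once for the whole workspace, a release tag in any repository gets the same answer, which is the misconfiguration protection the proposal describes.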

 
