JuliaHub 26.3 brings substantial new capabilities to the platform. Customer Administrators take direct ownership of private package registries and IQOQ qualification activities. Security teams get on-demand CVE scanning across Julia codebases — including private registries hosted on JuliaHub — via a native Trivy integration. The audit log expands with five new event categories that compliance teams can act on right away. And a set of usability improvements lifts day-to-day work for everyone using JuliaHub.
In This Update (TL;DR)
Vulnerability Scanning with Trivy: On-demand CVE detection for Julia codebases and packages, including those hosted on private registries on JuliaHub.
Self-Service Private Registries: Customer Administrators can set up and maintain private package registries directly.
Self-Service IQOQ: The IQOQ qualification application is automatically available to Customer Administrators on every instance, allowing them to do qualification themselves.
Compute Resource Governance: Administrators can set default and per-user CPU, GPU and job count limits as a baseline guardrail on compute consumption.
Expanded Audit Coverage: Five new categories of audit events covering customer-admin role changes, application version management, and project-collection activity.
Vulnerability Scanning with Trivy
Trivy, the open-source vulnerability scanner, is now natively integrated into JuliaHub. A scan can be triggered from the CLI or the JuliaHub UI, and it walks the full dependency tree of a Julia project against an up-to-date CVE database.
The key capability for enterprise customers: Trivy authenticates against private registries hosted on JuliaHub. Reports come out in JSON and HTML, ready for ingestion into existing security pipelines.
For security teams running Julia at enterprise scale, CVE visibility is now part of the platform itself.
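As an added illustration of feeding the JSON report into a pipeline gate (this is not JuliaHub's own code): the sketch assumes the report follows Trivy's standard JSON layout, with findings under Results[].Vulnerabilities[]. The sample report, package names and CVE ids are constructed placeholders, and the function names are hypothetical.

```python
import json
from collections import Counter

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in Trivy's JSON layout (assumed); names and CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "Results": [
        {"Target": "Manifest.toml", "Type": "julia", "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "ExamplePkgA",
             "InstalledVersion": "1.2.0", "FixedVersion": "1.2.1", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "ExamplePkgB",
             "InstalledVersion": "0.4.0", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "ExamplePkgC",
             "InstalledVersion": "2.0.0", "FixedVersion": "2.0.3", "Severity": "LOW"},
        ]},
        # A target with no findings may carry no "Vulnerabilities" key at all.
        {"Target": "sub/Manifest.toml", "Type": "julia"},
    ],
})


def load_findings(report_text):
    """Flatten Results[].Vulnerabilities[] into one list of dicts."""
    report = json.loads(report_text)
    findings = []
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            findings.append({
                "target": result.get("Target", ""),
                "id": vuln.get("VulnerabilityID", ""),
                "package": vuln.get("PkgName", ""),
                "installed": vuln.get("InstalledVersion", ""),
                "fixed": vuln.get("FixedVersion") or None,  # None: no fix released
                "severity": str(vuln.get("Severity", "UNKNOWN")).upper(),
            })
    return findings


def gate(findings, fail_at="HIGH"):
    """Return (passed, blocking, counts); blocking = findings at or above fail_at."""
    threshold = SEVERITY_RANK[fail_at]
    blocking = [f for f in findings
                if SEVERITY_RANK.get(f["severity"], 0) >= threshold]
    # Worst severity first; within a severity, fixable findings before unfixable ones.
    blocking.sort(key=lambda f: (-SEVERITY_RANK.get(f["severity"], 0), f["fixed"] is None))
    return (not blocking, blocking, Counter(f["severity"] for f in findings))
```

Findings with no fixed version are kept in the blocking list but marked with `fixed` set to `None`, so a pipeline can route them to a risk-acceptance review instead of an upgrade ticket.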

Self-Service Private Registries
Customer Administrators can set up and maintain private package registries directly — initial registry creation, package additions, and ongoing maintenance, all from the Customer Admin surface.
The change has the most impact on JuliaHub-managed cloud installs, where Platform Admin lives with JuliaHub staff and Customer Admin lives with the customer organization. In 26.3, registry maintenance is fully customer-owned, with no dependence on Platform Admin involvement.
For self-managed installations, this puts the same registry-management capability at the Customer Admin layer that Platform Admin already had.
Self-Service IQOQ for Customer Administrators
The IQOQ (Installation Qualification / Operational Qualification) application — which generates timestamped PDF compliance reports for regulated environments — is automatically available to every Customer Administrator on every JuliaHub instance in 26.3.
This makes IQOQ a first-day capability. For organizations in pharma, financial services, aerospace, or any other regulated industry, a Customer Administrator can run a qualification report the moment a new instance comes online — with no setup step and no Platform Admin in the loop.

Administrative Governance for Compute Resources
Administrators can now set compute resource limits for all jobs. The limit applies to all job submissions unless explicitly overridden, giving administrators a baseline governance posture and a guardrail on shared cluster capacity. The following three user limits have a global default and a per-user override: Max Concurrent vCPUs, Max Concurrent Jobs, and Max Concurrent GPUs.
For organizations running JuliaHub as shared infrastructure across multiple teams, the default ceiling means cost and capacity discipline are platform-enforced, set once at the admin level.

Collaboration and Usability Improvements
A handful of changes that won't make a headline but will quietly improve every day:
5 GB Project Uploads. Project file uploads now support files up to 5 GB, matching the Git LFS maximum.
Shared Project Job Visibility. Project jobs are visible to all project editors and viewers, not only the user who launched them. Teams can audit and build workflows around each other's results directly.
Cleaned Project File Modal. The "Upload new version" button appears only on Datasets, where versioning actions apply.
Merge-Only Enforcement. Administrators can disable the "Overwrite" button in the Project merge-conflict window, keeping users on the safer "Merge" path.
Usage Reports in the Admin Menu. Usage Reports live alongside the rest of the administrative tooling.
Quieter Workstation Booting. Windows Workstations start up cleanly, without verbose loading messages.
Audit Transparency
Audit logging expands in 26.3 with five new event categories that give compliance teams a much richer view of platform activity directly from the audit log:
Role Adjustments — events when a user is assigned to or removed from the Customer Admin role.
Job Metadata — job audit events include the product and job type, so activity can be sliced by workload.
Application Version Management — creating, adding, modifying, or deleting application versions produces audit events.
Human-Readable Collections — Project Collection events use human-readable names alongside internal identifiers.
Traceable Project Logs — Project audit events include the project name alongside the internal identifier.
For teams running continuous audit-log reviews, the new events translate directly into clearer reports.
Patch Release 26.3.1
A targeted patch shipped as 26.3.1 shortly after 26.3. Upgrade is recommended for all customers.
Project Access Hardening. Strengthened access controls so jobs are validated against explicit project ACLs before submission.
Cross-User Project Scanning. Customer Administrators can now scan projects belonging to other users, completing the cross-user scanning surface introduced in 26.3.
Looking Ahead
The updates in JuliaHub 26.3 are part of a deliberate direction: making the platform an environment where engineering and compliance teams operate with more administrative autonomy. Removing intermediate operational steps means faster, more predictable platform work for the teams that depend on it.
Subsequent releases in the 26.x series will continue in that direction — listening to what customers tell us matters most. For full release notes and per-issue references, see the JuliaHub release notes.






