Enterprise Software Supply Chain Manager (ESSCM)IntegrationsContainer Images
OCI Registry
Connect Open Container Initiative compatible registries to generate SBOMs
OCI Registry Integration
Connect any Open Container Initiative (OCI) compatible registry to Safeguard for container image SBOM generation and vulnerability scanning.
Prerequisites
- Access to an OCI-compliant container registry
- Registry URL and credentials (for private registries)
Supported Registries
The OCI Registry integration supports any registry that implements the OCI Distribution Specification, including:
- Harbor
- Quay.io
- GitHub Container Registry (ghcr.io)
- GitLab Container Registry
- Azure Container Registry
- JFrog Artifactory
- Nexus Repository
- Self-hosted registries
Public Images
Step 1: Navigate to Integrations
Go to Integrations from the sidebar and click Connect on the OCI Registry card.
Step 2: Enter Image Reference
- Select the Public tab
- Enter a Name for this configuration
- Optionally add a Description
- Enter the Registry URL (e.g.,
ghcr.io) - Enter the Image Reference (e.g.,
owner/image:tag) - Click Add
Step 3: Review & Connect
- Configure Project Name and Version
- Click Connect to complete
Private Images
Step 1: Navigate to Integrations
Go to Integrations from the sidebar and click Connect on the OCI Registry card.
Step 2: Enter Registry Credentials
- Select the Private tab
- Enter a Name for this configuration
- Optionally add a Description
- Enter registry details:
- Registry URL - Base URL of the registry
- Username - Registry username
- Password/Token - Registry password or access token
- Click Verify Credentials
Step 3: Select Images
- Once verified, browse available repositories
- Select the images you want to scan
- Choose specific tags
Step 4: Configure & Connect
- Set Project Name and Version for each image
- Click Connect to complete
Common Registry Configurations
GitHub Container Registry (ghcr.io)
| Field | Value |
|---|---|
| Registry URL | ghcr.io |
| Username | Your GitHub username |
| Password | Personal Access Token with read:packages scope |
GitLab Container Registry
| Field | Value |
|---|---|
| Registry URL | registry.gitlab.com |
| Username | Your GitLab username |
| Password | Personal Access Token with read_registry scope |
Harbor
| Field | Value |
|---|---|
| Registry URL | Your Harbor instance URL |
| Username | Harbor username |
| Password | Harbor password or robot account token |
Quay.io
| Field | Value |
|---|---|
| Registry URL | quay.io |
| Username | Your Quay.io username |
| Password | Encrypted password or robot account token |
Troubleshooting
"Credentials verification failed"
- Verify the registry URL is correct and accessible
- Check that the username and password are correct
- Ensure the registry supports the OCI distribution spec
"Registry not reachable"
- Check network connectivity to the registry
- Verify the registry URL includes the correct protocol (https://)
- Check for firewall or proxy issues
"Image not found"
- Verify the image reference format matches the registry's requirements
- Check that the image and tag exist
- Ensure you have permission to access the image