Environment


Aqua CSP  4.6/5.0



Problem

 

Gitlab Registry is not a supported integration, but we can connect to pull images using Docker(v1/v2).


Summary


For this integration to be successful you should be on 4.6.20126 (update 10) or later.

Pulling a specific image (also specifying its tag name) from an integrated Docker image registry (v1/v2) fails when setting Pull and Scan images to automatic. We should not have to specify the /v2/_catalog, since we know the exact image name. (Testing the registry connection works with the Docker API /v2/_catalog.)


Finally when following the steps, you will get the below error, 



This basically indicates that we do not have enough permissions to be able to get the repository list, hence we receive an unauthorized. 


Solution


You could save the previous configuration above and you will be able to register images by specifying the full path, check the example below, in which an image has been pushed to the Gitlab registry, 



We could scan and as consequence register that image by clicking "Add Images" and specify the full repository/image path and Aqua will be able to pull the different tags available after its selection, 


 


Regardless of the authorization error this seems to be a limitation of this type of registry integration as already indicated on our documentation, 



There could be the possibility of correct the 401 Unauthorized error, by contacting Gitlab support to be able to provide those credentials (user/password) with the correct set of permissions.



Related information

https://support.aquasec.com/a/solutions/articles/16000103155?portalId=16000023059

https://docs.aquasec.com/docs/46-update-10

https://support.gitlab.com/hc/en-us

https://docs.aquasec.com/docs/image-registries-and-repositories