Supported Registries
ImageSentinel works with any OCI-compliant container registry:
Cloud Registries
- • Amazon ECR
- • Google Container Registry (GCR)
- • Google Artifact Registry
- • Azure Container Registry (ACR)
- • GitHub Container Registry (GHCR)
Self-Hosted
- • Docker Hub
- • Harbor
- • JFrog Artifactory
- • Nexus Repository
- • GitLab Container Registry
Amazon ECR
terminal
# Authenticate with ECR
aws ecr get-login-password --region us-east-1 | \
docker login --username AWS --password-stdin \
123456789.dkr.ecr.us-east-1.amazonaws.com
# Harden and push to ECR
imagesentinel harden myapp:latest \
--sign --sbom \
--push 123456789.dkr.ecr.us-east-1.amazonaws.com/myapp:hardenedGoogle Artifact Registry
terminal
# Authenticate with Google Cloud
gcloud auth configure-docker us-central1-docker.pkg.dev
# Harden and push to Artifact Registry
imagesentinel harden myapp:latest \
--sign --sbom \
--push us-central1-docker.pkg.dev/my-project/my-repo/myapp:hardenedAzure Container Registry
terminal
# Authenticate with ACR
az acr login --name myregistry
# Harden and push to ACR
imagesentinel harden myapp:latest \
--sign --sbom \
--push myregistry.azurecr.io/myapp:hardenedGitHub Container Registry
terminal
# Authenticate with GHCR
echo $GITHUB_TOKEN | docker login ghcr.io -u USERNAME --password-stdin
# Harden and push to GHCR
imagesentinel harden myapp:latest \
--sign --sbom \
--push ghcr.io/myorg/myapp:hardenedHarbor
terminal
# Authenticate with Harbor
docker login harbor.example.com
# Harden and push to Harbor
imagesentinel harden myapp:latest \
--sign --sbom \
--push harbor.example.com/myproject/myapp:hardened
# Harbor supports Cosign signatures natively
# Signatures will appear in the Harbor UIRegistry Authentication
ImageSentinel uses your Docker credentials for registry authentication. Ensure you're logged in before pushing:
terminal
# Check current registry authentication
docker login
# The CLI uses credentials from:
# - ~/.docker/config.json
# - Docker credential helpers
# - Environment variables (for CI/CD)