[{"data":1,"prerenderedAt":678},["ShallowReactive",2],{"/de-de/blog/categories/engineering":3,"navigation-de-de":20,"banner-de-de":423,"footer-de-de":433,"engineering-category-page-total-items-de-de":638,"engineering-category-page-featured-de-de":639,"engineering-category-page-4-de-de":668},{"id":4,"title":5,"body":6,"category":6,"config":7,"content":11,"description":6,"extension":12,"meta":13,"navigation":14,"path":15,"seo":16,"slug":6,"stem":18,"testContent":6,"type":6,"__hash__":19},"blogCategories/de-de/blog/categories/engineering.yml","Engineering",null,{"template":8,"slug":9,"hide":10},"BlogCategory","engineering",false,{"name":5},"yml",{},true,"/de-de/blog/categories/engineering",{"title":5,"description":17},"Browse articles related to Engineering on the GitLab Blog","de-de/blog/categories/engineering","2aDT2ddISb3_jPr0pKFELw8NlkxcUsQZ7Dd93XB3ya8",{"data":21},{"logo":22,"freeTrial":27,"sales":32,"login":37,"items":42,"search":351,"minimal":386,"duo":404,"pricingDeployment":413},{"config":23},{"href":24,"dataGaName":25,"dataGaLocation":26},"/de-de/","gitlab logo","header",{"text":28,"config":29},"Kostenlose Testversion anfordern",{"href":30,"dataGaName":31,"dataGaLocation":26},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de&glm_content=default-saas-trial/","free trial",{"text":33,"config":34},"Vertrieb kontaktieren",{"href":35,"dataGaName":36,"dataGaLocation":26},"/de-de/sales/","sales",{"text":38,"config":39},"Anmelden",{"href":40,"dataGaName":41,"dataGaLocation":26},"https://gitlab.com/users/sign_in/","sign in",[43,70,166,171,272,332],{"text":44,"config":45,"cards":47},"Plattform",{"dataNavLevelOne":46},"platform",[48,54,62],{"title":44,"description":49,"link":50},"Die intelligente Orchestrierungsplattform für DevSecOps",{"text":51,"config":52},"Erkunde unsere Plattform",{"href":53,"dataGaName":46,"dataGaLocation":26},"/de-de/platform/",{"title":55,"description":56,"link":57},"GitLab Duo Agent Platform","Agentische KI für den gesamten Softwareentwicklungszyklus",{"text":58,"config":59},"Lerne GitLab Duo kennen",{"href":60,"dataGaName":61,"dataGaLocation":26},"/de-de/gitlab-duo-agent-platform/","gitlab duo agent platform",{"title":63,"description":64,"link":65},"Gründe, die für GitLab sprechen","Erfahre, warum Unternehmen auf GitLab setzen",{"text":66,"config":67},"Mehr erfahren",{"href":68,"dataGaName":69,"dataGaLocation":26},"/de-de/why-gitlab/","why gitlab",{"text":71,"left":14,"config":72,"link":74,"lists":78,"footer":148},"Produkt",{"dataNavLevelOne":73},"solutions",{"text":75,"config":76},"Alle Lösungen anzeigen",{"href":77,"dataGaName":73,"dataGaLocation":26},"/de-de/solutions/",[79,104,126],{"title":80,"description":81,"link":82,"items":87},"Automatisierung","CI/CD und Automatisierung zur Beschleunigung der Bereitstellung",{"config":83},{"icon":84,"href":85,"dataGaName":86,"dataGaLocation":26},"AutomatedCodeAlt","/de-de/solutions/delivery-automation/","automated software delivery",[88,92,95,100],{"text":89,"config":90},"CI/CD",{"href":91,"dataGaLocation":26,"dataGaName":89},"/de-de/solutions/continuous-integration/",{"text":55,"config":93},{"href":60,"dataGaLocation":26,"dataGaName":94},"gitlab duo agent platform - product menu",{"text":96,"config":97},"Quellcodeverwaltung",{"href":98,"dataGaLocation":26,"dataGaName":99},"/de-de/solutions/source-code-management/","Source Code Management",{"text":101,"config":102},"Automatisierte Softwarebereitstellung",{"href":85,"dataGaLocation":26,"dataGaName":103},"Automated software delivery",{"title":105,"description":106,"link":107,"items":112},"Sicherheit","Entwickle schneller, ohne die Sicherheit zu gefährden",{"config":108},{"href":109,"dataGaName":110,"dataGaLocation":26,"icon":111},"/de-de/solutions/application-security-testing/","security and compliance","ShieldCheckLight",[113,117,122],{"text":114,"config":115},"Application Security Testing",{"href":109,"dataGaName":116,"dataGaLocation":26},"Application security testing",{"text":118,"config":119},"Schutz der Software-Lieferkette",{"href":120,"dataGaLocation":26,"dataGaName":121},"/de-de/solutions/supply-chain/","Software supply chain security",{"text":123,"config":124},"Software Compliance",{"href":125,"dataGaName":123,"dataGaLocation":26},"/de-de/solutions/software-compliance/",{"title":127,"link":128,"items":133},"Bewertung",{"config":129},{"icon":130,"href":131,"dataGaName":132,"dataGaLocation":26},"DigitalTransformation","/de-de/solutions/visibility-measurement/","visibility and measurement",[134,138,143],{"text":135,"config":136},"Sichtbarkeit und Bewertung",{"href":131,"dataGaLocation":26,"dataGaName":137},"Visibility and Measurement",{"text":139,"config":140},"Wertstrommanagement",{"href":141,"dataGaLocation":26,"dataGaName":142},"/de-de/solutions/value-stream-management/","Value Stream Management",{"text":144,"config":145},"Analysen und Einblicke",{"href":146,"dataGaLocation":26,"dataGaName":147},"/de-de/solutions/analytics-and-insights/","Analytics and insights",{"title":149,"items":150},"GitLab für",[151,156,161],{"text":152,"config":153},"Enterprise",{"href":154,"dataGaLocation":26,"dataGaName":155},"/de-de/enterprise/","enterprise",{"text":157,"config":158},"Kleinunternehmen",{"href":159,"dataGaLocation":26,"dataGaName":160},"/de-de/small-business/","small business",{"text":162,"config":163},"den öffentlichen Sektor",{"href":164,"dataGaLocation":26,"dataGaName":165},"/de-de/solutions/public-sector/","public sector",{"text":167,"config":168},"Preise",{"href":169,"dataGaName":170,"dataGaLocation":26,"dataNavLevelOne":170},"/de-de/pricing/","pricing",{"text":172,"config":173,"link":175,"lists":179,"feature":259},"Ressourcen",{"dataNavLevelOne":174},"resources",{"text":176,"config":177},"Alle Ressourcen anzeigen",{"href":178,"dataGaName":174,"dataGaLocation":26},"/de-de/resources/",[180,213,231],{"title":181,"items":182},"Erste Schritte",[183,188,193,198,203,208],{"text":184,"config":185},"Installieren",{"href":186,"dataGaName":187,"dataGaLocation":26},"/de-de/install/","install",{"text":189,"config":190},"Kurzanleitungen",{"href":191,"dataGaName":192,"dataGaLocation":26},"/de-de/get-started/","quick setup checklists",{"text":194,"config":195},"Lernen",{"href":196,"dataGaLocation":26,"dataGaName":197},"https://university.gitlab.com/","learn",{"text":199,"config":200},"Produktdokumentation",{"href":201,"dataGaName":202,"dataGaLocation":26},"https://docs.gitlab.com/","product documentation",{"text":204,"config":205},"Best-Practice-Videos",{"href":206,"dataGaName":207,"dataGaLocation":26},"/de-de/getting-started-videos/","best practice videos",{"text":209,"config":210},"Integrationen",{"href":211,"dataGaName":212,"dataGaLocation":26},"/de-de/integrations/","integrations",{"title":214,"items":215},"Entdecken",[216,221,226],{"text":217,"config":218},"Kundenerfolge",{"href":219,"dataGaName":220,"dataGaLocation":26},"/de-de/customers/","customer success stories",{"text":222,"config":223},"Blog",{"href":224,"dataGaName":225,"dataGaLocation":26},"/de-de/blog/","blog",{"text":227,"config":228},"Remote",{"href":229,"dataGaName":230,"dataGaLocation":26},"https://handbook.gitlab.com/handbook/company/culture/all-remote/","remote",{"title":232,"items":233},"Vernetzen",[234,239,244,249,254],{"text":235,"config":236},"GitLab-Services",{"href":237,"dataGaName":238,"dataGaLocation":26},"/de-de/services/","services",{"text":240,"config":241},"Community",{"href":242,"dataGaName":243,"dataGaLocation":26},"/community/","community",{"text":245,"config":246},"Forum",{"href":247,"dataGaName":248,"dataGaLocation":26},"https://forum.gitlab.com/","forum",{"text":250,"config":251},"Veranstaltungen",{"href":252,"dataGaName":253,"dataGaLocation":26},"/events/","events",{"text":255,"config":256},"Partner",{"href":257,"dataGaName":258,"dataGaLocation":26},"/de-de/partners/","partners",{"backgroundColor":260,"textColor":261,"text":262,"image":263,"link":267},"#2f2a6b","#fff","Perspektiven für die Softwareentwicklung der Zukunft",{"altText":264,"config":265},"the source promo card",{"src":266},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758208064/dzl0dbift9xdizyelkk4.svg",{"text":268,"config":269},"Lies die News",{"href":270,"dataGaName":271,"dataGaLocation":26},"/de-de/the-source/","the source",{"text":273,"config":274,"lists":276},"Unternehmen",{"dataNavLevelOne":275},"company",[277],{"items":278},[279,284,290,292,297,302,307,312,317,322,327],{"text":280,"config":281},"Über",{"href":282,"dataGaName":283,"dataGaLocation":26},"/de-de/company/","about",{"text":285,"config":286,"footerGa":289},"Karriere",{"href":287,"dataGaName":288,"dataGaLocation":26},"/jobs/","jobs",{"dataGaName":288},{"text":250,"config":291},{"href":252,"dataGaName":253,"dataGaLocation":26},{"text":293,"config":294},"Geschäftsführung",{"href":295,"dataGaName":296,"dataGaLocation":26},"/company/team/e-group/","leadership",{"text":298,"config":299},"Team",{"href":300,"dataGaName":301,"dataGaLocation":26},"/company/team/","team",{"text":303,"config":304},"Handbuch",{"href":305,"dataGaName":306,"dataGaLocation":26},"https://handbook.gitlab.com/","handbook",{"text":308,"config":309},"Investor Relations",{"href":310,"dataGaName":311,"dataGaLocation":26},"https://ir.gitlab.com/","investor relations",{"text":313,"config":314},"Trust Center",{"href":315,"dataGaName":316,"dataGaLocation":26},"/de-de/security/","trust center",{"text":318,"config":319},"AI Transparency Center",{"href":320,"dataGaName":321,"dataGaLocation":26},"/de-de/ai-transparency-center/","ai transparency center",{"text":323,"config":324},"Newsletter",{"href":325,"dataGaName":326,"dataGaLocation":26},"/company/contact/#contact-forms","newsletter",{"text":328,"config":329},"Presse",{"href":330,"dataGaName":331,"dataGaLocation":26},"/press/","press",{"text":333,"config":334,"lists":335},"Kontakt",{"dataNavLevelOne":275},[336],{"items":337},[338,341,346],{"text":33,"config":339},{"href":35,"dataGaName":340,"dataGaLocation":26},"talk to sales",{"text":342,"config":343},"Support-Portal",{"href":344,"dataGaName":345,"dataGaLocation":26},"https://support.gitlab.com","support portal",{"text":347,"config":348},"Kundenportal",{"href":349,"dataGaName":350,"dataGaLocation":26},"https://customers.gitlab.com/customers/sign_in/","customer portal",{"close":352,"login":353,"suggestions":360},"Schließen",{"text":354,"link":355},"Um Repositories und Projekte zu durchsuchen, melde dich an bei",{"text":356,"config":357},"gitlab.com",{"href":40,"dataGaName":358,"dataGaLocation":359},"search login","search",{"text":361,"default":362},"Vorschläge",[363,365,370,372,377,382],{"text":55,"config":364},{"href":60,"dataGaName":55,"dataGaLocation":359},{"text":366,"config":367},"Code Suggestions (KI)",{"href":368,"dataGaName":369,"dataGaLocation":359},"/de-de/solutions/code-suggestions/","Code Suggestions (AI)",{"text":89,"config":371},{"href":91,"dataGaName":89,"dataGaLocation":359},{"text":373,"config":374},"GitLab auf AWS",{"href":375,"dataGaName":376,"dataGaLocation":359},"/de-de/partners/technology-partners/aws/","GitLab on AWS",{"text":378,"config":379},"GitLab auf Google Cloud",{"href":380,"dataGaName":381,"dataGaLocation":359},"/de-de/partners/technology-partners/google-cloud-platform/","GitLab on Google Cloud",{"text":383,"config":384},"Warum GitLab?",{"href":68,"dataGaName":385,"dataGaLocation":359},"Why GitLab?",{"freeTrial":387,"mobileIcon":392,"desktopIcon":397,"secondaryButton":400},{"text":388,"config":389},"Kostenlos testen",{"href":390,"dataGaName":31,"dataGaLocation":391},"https://gitlab.com/-/trials/new/","nav",{"altText":393,"config":394},"GitLab-Symbol",{"src":395,"dataGaName":396,"dataGaLocation":391},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203874/jypbw1jx72aexsoohd7x.svg","gitlab icon",{"altText":393,"config":398},{"src":399,"dataGaName":396,"dataGaLocation":391},"https://res.cloudinary.com/about-gitlab-com/image/upload/v1758203875/gs4c8p8opsgvflgkswz9.svg",{"text":181,"config":401},{"href":402,"dataGaName":403,"dataGaLocation":391},"https://gitlab.com/-/trial_registrations/new?glm_source=about.gitlab.com/de-de/get-started/","get started",{"freeTrial":405,"mobileIcon":409,"desktopIcon":411},{"text":406,"config":407},"Erfahre mehr über GitLab Duo",{"href":60,"dataGaName":408,"dataGaLocation":391},"gitlab duo",{"altText":393,"config":410},{"src":395,"dataGaName":396,"dataGaLocation":391},{"altText":393,"config":412},{"src":399,"dataGaName":396,"dataGaLocation":391},{"freeTrial":414,"mobileIcon":419,"desktopIcon":421},{"text":415,"config":416},"Zurück zur Preisübersicht",{"href":169,"dataGaName":417,"dataGaLocation":391,"icon":418},"back to pricing","GoBack",{"altText":393,"config":420},{"src":395,"dataGaName":396,"dataGaLocation":391},{"altText":393,"config":422},{"src":399,"dataGaName":396,"dataGaLocation":391},{"title":424,"button":425,"config":430},"Sieh dir an, wie agentische KI die Softwarebereitstellung transformiert",{"text":426,"config":427},"GitLab Transcend jetzt ansehen",{"href":428,"dataGaName":429,"dataGaLocation":26},"/de-de/events/transcend/virtual/","transcend event",{"layout":431,"icon":432,"disabled":14},"release","AiStar",{"data":434},{"text":435,"source":436,"edit":442,"contribute":447,"config":452,"items":457,"minimal":630},"Git ist eine Marke von Software Freedom Conservancy und unsere Verwendung von „GitLab“ erfolgt unter Lizenz.",{"text":437,"config":438},"Quelltext der Seite anzeigen",{"href":439,"dataGaName":440,"dataGaLocation":441},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/","page source","footer",{"text":443,"config":444},"Diese Seite bearbeiten",{"href":445,"dataGaName":446,"dataGaLocation":441},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/content/","web ide",{"text":448,"config":449},"Beteilige dich",{"href":450,"dataGaName":451,"dataGaLocation":441},"https://gitlab.com/gitlab-com/marketing/digital-experience/about-gitlab-com/-/blob/main/CONTRIBUTING.md/","please contribute",{"twitter":453,"facebook":454,"youtube":455,"linkedin":456},"https://x.com/gitlab","https://www.facebook.com/gitlab","https://www.youtube.com/channel/UCnMGQ8QHMAnVIsI3xJrihhg","https://www.linkedin.com/company/gitlab-com",[458,481,536,563,597],{"title":44,"links":459,"subMenu":464},[460],{"text":461,"config":462},"DevSecOps-Plattform",{"href":53,"dataGaName":463,"dataGaLocation":441},"devsecops platform",[465],{"title":167,"links":466},[467,471,476],{"text":468,"config":469},"Tarife anzeigen",{"href":169,"dataGaName":470,"dataGaLocation":441},"view plans",{"text":472,"config":473},"Vorteile von Premium",{"href":474,"dataGaName":475,"dataGaLocation":441},"/de-de/pricing/premium/","why premium",{"text":477,"config":478},"Vorteile von Ultimate",{"href":479,"dataGaName":480,"dataGaLocation":441},"/de-de/pricing/ultimate/","why ultimate",{"title":482,"links":483},"Lösungen",[484,489,492,494,499,504,508,511,514,519,521,523,526,531],{"text":485,"config":486},"Digitale Transformation",{"href":487,"dataGaName":488,"dataGaLocation":441},"/de-de/topics/digital-transformation/","digital transformation",{"text":490,"config":491},"Sicherheit und Compliance",{"href":109,"dataGaName":116,"dataGaLocation":441},{"text":101,"config":493},{"href":85,"dataGaName":86,"dataGaLocation":441},{"text":495,"config":496},"Agile Entwicklung",{"href":497,"dataGaName":498,"dataGaLocation":441},"/de-de/solutions/agile-delivery/","agile delivery",{"text":500,"config":501},"Cloud-Transformation",{"href":502,"dataGaName":503,"dataGaLocation":441},"/de-de/topics/cloud-native/","cloud transformation",{"text":505,"config":506},"SCM",{"href":98,"dataGaName":507,"dataGaLocation":441},"source code management",{"text":89,"config":509},{"href":91,"dataGaName":510,"dataGaLocation":441},"continuous integration & delivery",{"text":139,"config":512},{"href":141,"dataGaName":513,"dataGaLocation":441},"value stream management",{"text":515,"config":516},"GitOps",{"href":517,"dataGaName":518,"dataGaLocation":441},"/de-de/solutions/gitops/","gitops",{"text":152,"config":520},{"href":154,"dataGaName":155,"dataGaLocation":441},{"text":157,"config":522},{"href":159,"dataGaName":160,"dataGaLocation":441},{"text":524,"config":525},"Öffentlicher Sektor",{"href":164,"dataGaName":165,"dataGaLocation":441},{"text":527,"config":528},"Bildungswesen",{"href":529,"dataGaName":530,"dataGaLocation":441},"/de-de/solutions/education/","education",{"text":532,"config":533},"Finanzdienstleistungen",{"href":534,"dataGaName":535,"dataGaLocation":441},"/de-de/solutions/finance/","financial services",{"title":172,"links":537},[538,540,542,544,547,549,551,553,555,557,559,561],{"text":184,"config":539},{"href":186,"dataGaName":187,"dataGaLocation":441},{"text":189,"config":541},{"href":191,"dataGaName":192,"dataGaLocation":441},{"text":194,"config":543},{"href":196,"dataGaName":197,"dataGaLocation":441},{"text":199,"config":545},{"href":201,"dataGaName":546,"dataGaLocation":441},"docs",{"text":222,"config":548},{"href":224,"dataGaName":225,"dataGaLocation":441},{"text":217,"config":550},{"href":219,"dataGaName":220,"dataGaLocation":441},{"text":227,"config":552},{"href":229,"dataGaName":230,"dataGaLocation":441},{"text":235,"config":554},{"href":237,"dataGaName":238,"dataGaLocation":441},{"text":240,"config":556},{"href":242,"dataGaName":243,"dataGaLocation":441},{"text":245,"config":558},{"href":247,"dataGaName":248,"dataGaLocation":441},{"text":250,"config":560},{"href":252,"dataGaName":253,"dataGaLocation":441},{"text":255,"config":562},{"href":257,"dataGaName":258,"dataGaLocation":441},{"title":273,"links":564},[565,567,569,571,573,575,577,581,586,588,590,592],{"text":280,"config":566},{"href":282,"dataGaName":275,"dataGaLocation":441},{"text":285,"config":568},{"href":287,"dataGaName":288,"dataGaLocation":441},{"text":293,"config":570},{"href":295,"dataGaName":296,"dataGaLocation":441},{"text":298,"config":572},{"href":300,"dataGaName":301,"dataGaLocation":441},{"text":303,"config":574},{"href":305,"dataGaName":306,"dataGaLocation":441},{"text":308,"config":576},{"href":310,"dataGaName":311,"dataGaLocation":441},{"text":578,"config":579},"Sustainability",{"href":580,"dataGaName":578,"dataGaLocation":441},"/sustainability/",{"text":582,"config":583},"Vielfalt, Inklusion und Zugehörigkeit",{"href":584,"dataGaName":585,"dataGaLocation":441},"/de-de/diversity-inclusion-belonging/","Diversity, inclusion and belonging",{"text":313,"config":587},{"href":315,"dataGaName":316,"dataGaLocation":441},{"text":323,"config":589},{"href":325,"dataGaName":326,"dataGaLocation":441},{"text":328,"config":591},{"href":330,"dataGaName":331,"dataGaLocation":441},{"text":593,"config":594},"Transparenzerklärung zu moderner Sklaverei",{"href":595,"dataGaName":596,"dataGaLocation":441},"https://handbook.gitlab.com/handbook/legal/modern-slavery-act-transparency-statement/","modern slavery transparency statement",{"title":598,"links":599},"Nimm Kontakt auf",[600,603,608,610,615,620,625],{"text":601,"config":602},"Sprich mit einem Experten/einer Expertin",{"href":35,"dataGaName":36,"dataGaLocation":441},{"text":604,"config":605},"Support",{"href":606,"dataGaName":607,"dataGaLocation":441},"https://support.gitlab.com/hc/en-us/articles/11626483177756-GitLab-Support","get help",{"text":347,"config":609},{"href":349,"dataGaName":350,"dataGaLocation":441},{"text":611,"config":612},"Status",{"href":613,"dataGaName":614,"dataGaLocation":441},"https://status.gitlab.com/","status",{"text":616,"config":617},"Nutzungsbedingungen",{"href":618,"dataGaName":619,"dataGaLocation":441},"/terms/","terms of use",{"text":621,"config":622},"Datenschutzerklärung",{"href":623,"dataGaName":624,"dataGaLocation":441},"/de-de/privacy/","privacy statement",{"text":626,"config":627},"Cookie-Einstellungen",{"dataGaName":628,"dataGaLocation":441,"id":629,"isOneTrustButton":14},"cookie preferences","ot-sdk-btn",{"items":631},[632,634,636],{"text":616,"config":633},{"href":618,"dataGaName":619,"dataGaLocation":441},{"text":621,"config":635},{"href":623,"dataGaName":624,"dataGaLocation":441},{"text":626,"config":637},{"dataGaName":628,"dataGaLocation":441,"id":629,"isOneTrustButton":14},29,{"id":640,"title":641,"authorSlugs":642,"body":6,"categorySlug":9,"config":644,"content":647,"description":6,"extension":12,"isFeatured":10,"meta":659,"navigation":14,"path":660,"publishedDate":653,"seo":661,"stem":665,"tagSlugs":666,"__hash__":667},"blogPosts/de-de/blog/using-gitlab-container-virtual-registry-with-docker-hardened-images.yml","Using Gitlab Container Virtual Registry With Docker Hardened Images",[643],"tim-rizzi",{"featured":10,"template":645,"slug":646},"BlogPost","using-gitlab-container-virtual-registry-with-docker-hardened-images",{"title":648,"description":649,"authors":650,"heroImage":652,"date":653,"body":654,"category":9,"tags":655},"GitLab Container Virtual Registry mit Docker Hardened Images einrichten","Mehrere Registries hinter einem Endpunkt – GitLab Container Virtual Registry mit Docker Hardened Images, Caching und Audit-Trail.",[651],"Tim Rizzi","https://res.cloudinary.com/about-gitlab-com/image/upload/v1772111172/mwhgbjawn62kymfwrhle.png","2026-03-12","Wer im Plattformteam arbeitet, kennt solche Gespräche:\n\n*„Security sagt: Wir müssen gehärtete Base-Images verwenden.\"*\n\n*„Prima – wo trage ich jetzt die Credentials für noch eine weitere Registry ein?\"*\n\n*„Und wie stellen wir sicher, dass alle sie auch wirklich nutzen?\"*\n\nOder diese hier:\n\n*„Warum sind unsere Builds so langsam?\"*\n\n*„Wir pullen dasselbe 500-MB-Image in jedem einzelnen Job neu von Docker Hub.\"*\n\n*„Kann man die nicht irgendwo cachen?\"*\n\nIch arbeite bei GitLab an der [Container Virtual Registry](https://docs.gitlab.com/user/packages/virtual_registry/container/) – einem Pull-Through-Cache, der vor den vorgelagerten Registries sitzt: Docker Hub, dhi.io (Docker Hardened Images), MCR und Quay. Teams erhalten einen einzigen Endpunkt zum Pullen. Images werden beim ersten Abruf gecacht; alle nachfolgenden Pulls kommen aus dem Cache. Das Entwicklungsteam muss nicht wissen, aus welchem Upstream ein bestimmtes Image stammt.\n\nDieser Artikel zeigt die Einrichtung der Container Virtual Registry – mit Docker Hardened Images als konkretem Anwendungsfall, da diese Kombination für Teams mit Sicherheitsanforderungen besonders naheliegt.\n\n## Das Problem: Registry-Wildwuchs im Plattformteam\n\nDie Plattformteams, mit denen ich spreche, verwalten Container-Images über drei bis fünf Registries:\n\n- **Docker Hub** für die meisten Base-Images\n- **dhi.io** für Docker Hardened Images (sicherheitskritische Workloads)\n- **MCR** für .NET- und Azure-Tooling\n- **Quay.io** für das Red-Hat-Ökosystem\n- **Interne Registries** für proprietäre Images\n\nJede davon hat eigene Authentifizierungsmechanismen, unterschiedliche Netzwerklatenz und eine eigene Pfadstruktur für Images.\n\nCI/CD-Konfigurationen füllen sich mit registry-spezifischer Logik. Credential-Management wird zum eigenständigen Projekt. Und jeder Pipeline-Job lädt dieselben Base-Images erneut über das Netz – obwohl sie sich seit Wochen nicht geändert haben.\n\nContainer Virtual Registry konsolidiert das: eine Registry-URL, ein Authentifizierungsfluss über GitLab, gecachte Images aus GitLab-Infrastruktur statt wiederholter Internet-Traversierung.\n\n## Funktionsweise\n\nDas Modell ist geradlinig:\n\n```text\n\nPipeline ruft ab:\n  gitlab.com/virtual_registries/container/1000016/python:3.13\n\nVirtual Registry prüft:\n  1. Im Cache vorhanden? → Direkt zurückgeben\n  2. Nein? → Vom Upstream laden, cachen, zurückgeben\n\n\n```\n\nUpstreams werden in Prioritätsreihenfolge konfiguriert. Bei einem eingehenden Pull-Request durchsucht die Virtual Registry die Upstreams der Reihe nach, bis das Image gefunden wird. Das Ergebnis wird für einen konfigurierbaren Zeitraum gecacht – standardmäßig 24 Stunden.\n\n\n```text\n\n┌─────────────────────────────────────────────────────────┐ │                    CI/CD Pipeline                       │ │                          │                              │ │                          ▼                              │ │   gitlab.com/virtual_registries/container/\u003Cid>/image   │ └─────────────────────────────────────────────────────────┘\n                           │\n                           ▼\n┌─────────────────────────────────────────────────────────┐ │            Container Virtual Registry                   │ │                                                         │ │  Upstream 1: Docker Hub ────────────────┐               │ │  Upstream 2: dhi.io (Hardened) ────────┐│               │ │  Upstream 3: MCR ─────────────────────┐││               │ │  Upstream 4: Quay.io ────────────────┐│││               │ │                                      ││││               │ │                    ┌─────────────────┴┴┴┴──┐            │ │                    │        Cache          │            │ │                    │  (manifests + layers) │            │ │                    └───────────────────────┘            │ └─────────────────────────────────────────────────────────┘\n\n```\n\n## Was das konkret bringt – besonders mit Docker Hardened Images\n\n[Docker Hardened Images](https://docs.docker.com/dhi/) zeichnen sich durch minimale Angriffsfläche, nahezu keine bekannten CVEs, vollständige Software Bills of Materials (SBOMs) und SLSA-Provenance aus. Für Teams, die Base-Images für sicherheitskritische Workloads evaluieren, gehören sie auf die Shortlist.\n\nDer Wechsel zu dhi.io erzeugt jedoch dieselbe operative Reibung wie jede neue Registry:\n\n- **Credential-Verteilung**: Docker-Credentials müssen auf alle Systeme verteilt werden, die Images von dhi.io abrufen.\n- **CI/CD-Anpassungen**: Jede Pipeline muss für die Authentifizierung mit dhi.io aktualisiert werden.\n- **Akzeptanzproblem**: Ohne zentrale Steuerung greifen Teams weiterhin auf reguläre Images zurück.\n- **Fehlende Transparenz**: Ob Teams tatsächlich die gehärteten Varianten nutzen, ist kaum nachvollziehbar.\n\nDie Virtual Registry löst jeden dieser Punkte:\n\n**Einzelne Credential**: Teams authentifizieren sich bei GitLab. Die Virtual Registry übernimmt die Upstream-Authentifizierung. Docker-Credentials werden einmalig auf Registry-Ebene konfiguriert und gelten für alle Pulls.\n\n**Keine per-Team-CI/CD-Änderungen**: Pipelines auf die Virtual Registry zeigen lassen – fertig. Die Upstream-Konfiguration ist zentralisiert.\n\n**Schrittweise Einführung**: Da Images mit ihrem vollständigen Pfad gecacht werden, ist im Cache sichtbar, was tatsächlich abgerufen wird. Wird `library/python:3.11` statt der gehärteten Variante gepullt, ist das erkennbar.\n\n**Audit-Trail**: Der Cache zeigt exakt, welche Images aktiv genutzt werden – nachvollziehbar für Compliance-Zwecke und als Grundlage für das Verständnis der tatsächlichen Infrastruktur-Abhängigkeiten.\n\nWer das Konzept verstanden hat und die Einrichtung zu einem späteren Zeitpunkt in Angriff nimmt: Die wesentlichen Konzepte sind damit abgedeckt. Die technische Konfiguration folgt im nächsten Abschnitt.\n\n## Einrichtung\n\nDie folgende Einrichtung nutzt den Python-Client aus dem Demo-Projekt.\n\n### Virtual Registry erstellen\n\n```python\nfrom virtual_registry_client import VirtualRegistryClient\nclient = VirtualRegistryClient()\nregistry = client.create_virtual_registry(\n    group_id=\"785414\",  # ID der obersten Gruppe\n    name=\"platform-images\",\n    description=\"Cached container images for platform teams\"\n)\nprint(f\"Registry ID: {registry['id']}\") # Diese ID wird für die Pull-URL benötigt\n```\n\n### Docker Hub als Upstream hinzufügen\n\nFür offizielle Images wie Alpine, Python usw.:\n\n```python\n\ndocker_upstream = client.create_upstream(\n    registry_id=registry['id'],\n    url=\"https://registry-1.docker.io\",\n    name=\"Docker Hub\",\n    cache_validity_hours=24\n)\n\n```\n\n### Docker Hardened Images (dhi.io) hinzufügen\n\nDocker Hardened Images werden auf `dhi.io` gehostet – einer separaten Registry mit Authentifizierungspflicht:\n\n```python\n\ndhi_upstream = client.create_upstream(\n    registry_id=registry['id'],\n    url=\"https://dhi.io\",\n    name=\"Docker Hardened Images\",\n    username=\"your-docker-username\",\n    password=\"your-docker-access-token\",\n    cache_validity_hours=24\n)\n\n```\n\n### Weitere Upstreams hinzufügen\n\n```python\n\n# MCR für .NET-Teams client.create_upstream(\n    registry_id=registry['id'],\n    url=\"https://mcr.microsoft.com\",\n    name=\"Microsoft Container Registry\",\n    cache_validity_hours=48\n)\n# Quay für das Red-Hat-Ökosystem client.create_upstream(\n    registry_id=registry['id'],\n    url=\"https://quay.io\",\n    name=\"Quay.io\",\n    cache_validity_hours=24\n)\n\n```\n\n### CI/CD aktualisieren\n\nEine `.gitlab-ci.yml`, die über die Virtual Registry pullt:\n\n```yaml\n\nvariables:\n  VIRTUAL_REGISTRY_ID: \u003Cyour_virtual_registry_ID>\n\n  \nbuild:\n  image: docker:24\n  services:\n    - docker:24-dind\n  before_script:\n    # Authentifizierung bei GitLab – Upstream-Auth wird übernommen\n    - echo \"${CI_JOB_TOKEN}\" | docker login -u gitlab-ci-token --password-stdin gitlab.com\n  script:\n    # Alle Pulls laufen über die zentrale Virtual Registry\n    \n    # Offizielle Docker Hub Images (library/-Präfix erforderlich)\n    - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/library/alpine:latest\n    \n    # Docker Hardened Images von dhi.io (kein Präfix nötig)\n    - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/python:3.13\n    \n    # .NET von MCR\n    - docker pull gitlab.com/virtual_registries/container/${VIRTUAL_REGISTRY_ID}/dotnet/sdk:8.0\n\n\n```\n\n### Image-Pfadformate\n\nVerschiedene Registries verwenden unterschiedliche Pfadkonventionen:\n\n| Registry | Beispiel-Pull-URL |\n|----------|-------------------|\n| Docker Hub (offiziell) | `.../library/python:3.11-slim` |\n| Docker Hardened Images (dhi.io) | `.../python:3.13` |\n| MCR | `.../dotnet/sdk:8.0` |\n| Quay.io | `.../prometheus/prometheus:latest` |\n\n### Funktionsprüfung\n\nNach einigen Pulls lässt sich der Cache überprüfen:\n\n```python\n\nupstreams = client.list_registry_upstreams(registry['id']) for upstream in upstreams:\n    entries = client.list_cache_entries(upstream['id'])\n    print(f\"{upstream['name']}: {len(entries)} cached entries\")\n\n\n```\n\n## Messergebnisse\n\nTestergebnisse beim Pullen über die Virtual Registry:\n\n| Messgröße | Ohne Cache | Mit warmem Cache |\n|-----------|------------|-----------------|\n| Pull-Zeit (Alpine) | 10,3 s | 4,2 s |\n| Pull-Zeit (Python 3.13 DHI) | 11,6 s | ~4 s |\n| Netzwerk-Roundtrips zum Upstream | Jeder Pull | Nur Cache-Misses |\n\nDer erste Pull hat dieselbe Dauer – das Image muss vom Upstream geladen werden. Jeder weitere Pull innerhalb der Cache-Gültigkeitsdauer kommt direkt aus GitLab-Storage: kein Netzwerk-Hop zu Docker Hub, dhi.io, MCR oder einer anderen Registry.\n\nBei Teams mit vielen Pipeline-Jobs pro Tag summiert sich das zu einem messbaren Gewinn bei den Build-Laufzeiten.\n\n## Praktische Hinweise\n\n### Cache-Gültigkeit\n\nDer Standard sind 24 Stunden. Für sicherheitskritische Images, bei denen Patches schnell verfügbar sein sollen, empfiehlt sich ein kürzeres Intervall:\n\n```python\n\nclient.create_upstream(\n    registry_id=registry['id'],\n    url=\"https://dhi.io\",\n    name=\"Docker Hardened Images\",\n    username=\"your-username\",\n    password=\"your-token\",\n    cache_validity_hours=12\n)\n\n```\n\nFür stabile Images mit fixen Versions-Tags ist ein längeres Intervall problemlos.\n\n### Upstream-Priorität\n\nUpstreams werden der Reihe nach geprüft. Bei gleichnamigen Images in verschiedenen Registries gewinnt der erste passende Upstream.\n\n### Limits\n\n- Maximal 20 Virtual Registries pro Gruppe\n- Maximal 20 Upstreams pro Virtual Registry\n\n## Konfiguration über die Oberfläche\n\nVirtual Registries und Upstreams lassen sich auch direkt in der GitLab-Oberfläche einrichten – ohne API-Aufrufe. Unter **Einstellungen > Pakete und Registries > Virtual Registry** der jeweiligen Gruppe stehen folgende Optionen zur Verfügung:\n\n- Virtual Registries erstellen und verwalten\n- Upstreams hinzufügen, bearbeiten und neu anordnen\n- Cache anzeigen und verwalten\n- Überblick, welche Images abgerufen werden\n\n## Ausblick\n\nIn Entwicklung:\n\n- **Allow/Deny-Listen**: Regex-basierte Steuerung, welche Images aus welchen Upstreams abgerufen werden dürfen.\n\nContainer Virtual Registry befindet sich in der Beta-Phase. Die Funktion wird produktiv eingesetzt und wird weiterentwickelt – Feedback fließt direkt in die Priorisierung ein.\n\n## Feedback\n\nWer als Plattformteam mit Registry-Wildwuchs zu kämpfen hat: Ich möchte verstehen, wie die aktuelle Situation aussieht.\n\n- Wie viele Upstream-Registries werden verwaltet?\n- Wo liegt der größte Schmerzpunkt?\n- Würde ein solcher Ansatz helfen – und falls nicht: Was fehlt?\n\nErfahrungen und Rückmeldungen gerne im [Container Virtual Registry Feedback-Issue](https://gitlab.com/gitlab-org/gitlab/-/work_items/589630) teilen.\n\n## Weiterführende Ressourcen\n\n- [Neue GitLab-Metriken und Registry-Funktionen zur Optimierung von CI/CD-Pipelines](https://about.gitlab.com/de-de/blog/new-gitlab-metrics-and-registry-features-help-reduce-ci-cd-bottlenecks/)\n- [Container Virtual Registry – Dokumentation](https://docs.gitlab.com/user/packages/virtual_registry/container/)\n- [Container Virtual Registry – API](https://docs.gitlab.com/api/container_virtual_registries/)\n\n## Für deutsche Unternehmen könnte dies folgende Themen betreffen\n\nTeams, die sicherheitsgehärtete Base-Images mit vollständigen SBOMs und SLSA-Provenance einsetzen, haben möglicherweise auch Compliance-Überlegungen – beispielsweise in Bereichen wie Sicherheit der Software-Lieferkette, Nachvollziehbarkeit von Image-Abhängigkeiten und zentralem Audit-Trail.\n\nRegulatorische Frameworks wie NIS2 und der Cyber Resilience Act adressieren ähnliche Themen rund um Software-Lieferketten und SBOM-Transparenz. Für konkrete Compliance-Anforderungen empfiehlt sich Rücksprache mit entsprechender Fachberatung.",[656,657,658],"tutorial","product","features",{},"/de-de/blog/using-gitlab-container-virtual-registry-with-docker-hardened-images",{"config":662,"title":663,"description":664},{"noIndex":10},"Container Virtual Registry mit Docker Hardened Images","Mehrere Container-Registries zu einem Endpunkt konsolidieren: GitLab Container Virtual Registry mit Docker Hardened Images, Caching und Audit-Trail.","de-de/blog/using-gitlab-container-virtual-registry-with-docker-hardened-images",[656,657,658],"BFbuzAjb6diaPvo5LhBwL6KisLFUWSlmquB9ahvb-0Y",[669],{"content":670,"config":676},{"title":671,"heroImage":672,"category":9,"description":673,"authors":674},"Was ist das Gitlab Container Registry?","https://res.cloudinary.com/about-gitlab-com/image/upload/v1749665223/Blog/Hero%20Images/containers.jpg"," Die auf Open Source basierende GitLab Container Registry ist nicht nur eine eigenständige Registry, sondern vollständig in GitLab integriert.",[675],"Mark Pundsack",{"externalUrl":-1,"slug":677},"gitlab-container-registry",1773871243749]