Satellite's container list shows result "{"repositories":[]}" when accessed over the URL "https://FQDN_or_IP/v2/_catalog" without authentication, but customer's security scanner reports that the correct result should be a 401 page.

Since Satellite allows lifecycle environments to be configured to allow access without authentication, it seems reasonable to request that the Satellite server return a 401 page except when accessing that URL on hosts that are registered to lifecycle environments that have been manually configured to allow unauthenticated access.