Cloud native registry for storing, signing, scanning, and replicating container images and Helm charts
- Stars28.7k
- Forks5.3k
- Open Issues828
Apache-2.0
- Go
- TypeScript
- HTML
About Harbor
Harbor is an open source cloud native registry for storing, signing, and scanning content. It extends Docker Distribution with security, identity, and management features for container images and Helm charts, giving teams a registry close to their build and runtime environments.
Projects provide role based access control for repositories. Policy based replication synchronizes images and charts between registry instances with filters for repository, tag, and label. Harbor scans images for vulnerabilities, supports policy checks to block vulnerable or unsigned images, tracks repository operations in logs, and provides a graphical portal plus RESTful APIs.
Harbor can be deployed on a Linux host with Docker Compose, on Kubernetes with the Harbor chart, and through a Harbor Operator. It is hosted by the Cloud Native Computing Foundation, licensed under Apache 2, and had a third party security audit by Cure53 in October 2019.
Key features
- Registry for container images and Helm charts
- Role based access control through projects
- Policy based replication with repository, tag, and label filters
- Vulnerability scanning with deployment policy checks
- Docker Content Trust image signing with Notary
Details
- First released
- 2016
- Self-hosting
- Docker Compose · Helm chart · Operator
- Content
- Container images · Helm charts
- Identity
- LDAP/AD · OIDC
- Auditing
- Repository operations tracked in logs
- Governance
- Hosted by CNCF