LLMpediaThe first transparent, open encyclopedia generated by LLMs

Harbor (software)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: GitLab Hop 3
Expansion Funnel Raw 65 → Dedup 16 → NER 13 → Enqueued 10
1. Extracted65
2. After dedup16 (None)
3. After NER13 (None)
Rejected: 3 (not NE: 3)
4. Enqueued10 (None)
Harbor (software)
NameHarbor
TitleHarbor
DeveloperCloud Native Computing Foundation
Released2016
Latest release2.6
Programming languageGo
Operating systemCross-platform
LicenseApache License 2.0

Harbor (software) Harbor is an open source container image registry project that provides enterprise-grade registry services, role-based access control, and image signing. It is maintained as a graduated project of the Cloud Native Computing Foundation and is commonly deployed alongside orchestration platforms such as Kubernetes, OpenShift, and Docker Swarm. Harbor integrates with CI/CD systems and artifact tools to provide secure image distribution for organizations including those using Amazon Web Services, Microsoft Azure, and Google Cloud Platform.

Overview

Harbor was created to extend the capabilities of the Docker Registry by adding features such as fine-grained permissions, replication, and vulnerability scanning. It supports container image formats from Docker (software), OCI (Open Container Initiative) artifacts, and Helm charts used with Helm (software). Harbor is used by enterprises, service providers, and open source projects to enforce policies and accelerate delivery pipelines involving platforms like Jenkins, GitLab, GitHub Actions, and Tekton.

Architecture

Harbor's architecture is modular and typically comprises a registry backend, a portal, a core API, a job service, and a database. The registry backend relies on Docker Registry or distribution (software) components for storage, while the database often uses PostgreSQL or MySQL for metadata. The job service coordinates asynchronous tasks such as replication and garbage collection, integrating with message buses like Redis or RabbitMQ. Harbor's authentication and authorization can integrate with identity providers such as LDAP, Active Directory, and OAuth 2.0 services including Dex (software), enabling single sign-on with platforms like Keycloak and Okta.

Features

Harbor offers image signing with Notary (project), vulnerability scanning via engines such as Clair (software) and Trivy (software), and content trust features compatible with The Update Framework. It includes role-based access control (RBAC) modeled around projects and users, supporting groups from LDAP and SAML 2.0 identity federations. Replication rules enable synchronization between registries including Docker Hub, Azure Container Registry, Amazon ECR, and private registries used by organizations like VMware and IBM. Additional features encompass audit logging for integration with ELK Stack, webhooks to notify systems like Prometheus and Grafana, and immutable tags to enforce immutability for production artifacts.

Deployment and Integration

Harbor is commonly deployed on Kubernetes via charts for Helm (software) or operators compatible with Operator Framework. Alternative deployments include virtual appliances and containerized bundles for VMware vSphere environments and on-premises data centers using OpenStack. CI/CD integration is achieved through connectors and webhooks for Jenkins, GitLab CI/CD, Azure DevOps, and CircleCI. Storage backends supported include Amazon S3, Google Cloud Storage, MinIO, and on-premises NFS, allowing integration with backup systems like Velero and artifact lifecycle managers such as Artifactory.

Security and Compliance

Harbor provides security controls aligning with standards commonly referenced by enterprises such as ISO/IEC 27001 and NIST frameworks. Vulnerability reports from scanners like Clair (software) and Trivy (software) can be used to enforce policies via admission controls in Kubernetes with tools like Gatekeeper and OPA (Open Policy Agent). Image signing and Notary support enable supply chain security endorsed by initiatives like SLSA and CNCF Sig-Security. Audit logs and event streams facilitate compliance reporting and integration with Splunk and ELK Stack for forensic analysis and retention policies.

Performance and Scalability

Harbor supports horizontal scaling of the registry and stateless components behind load balancers such as HAProxy and NGINX (web server), and can leverage content delivery and caching via CDN providers and registry cache proxies. Backing storage scalability is achieved through object stores like Amazon S3 and distributed storage systems such as Ceph. For high throughput scenarios, Harbor’s replication and garbage collection jobs can be tuned, and monitoring with Prometheus and Grafana enables capacity planning and alerting. Large organizations deploy Harbor in federated topologies to reduce latency for geographically distributed teams using replication policies and edge registries.

History and Development

Harbor was originally developed by VMware and released as an open source project to address enterprise needs around container image management. It joined the Cloud Native Computing Foundation and progressed through incubation and graduation stages with contributions from companies including VMware, Huawei, IBM, Aqua Security, and independent contributors from projects like Docker (software) and Kubernetes. Major milestones include integration of vulnerability scanners like Clair (software), support for OCI artifacts, removal of legacy components, and ongoing enhancements to scalability, security, and multi-tenancy driven by community governance and working groups within the CNCF.

Category:Open-source software