gitmyhub

harbor

Go ★ 29k updated 2d ago

An open source trusted cloud native registry project that stores, signs, and scans content.

Harbor is a self-hosted private container image registry that adds automated security scanning, role-based access control, and cross-region replication on top of basic image storage.

GoDockerKubernetesHelmLDAPsetup: hardcomplexity 4/5

Harbor is an open source container registry — a private, secure place to store and manage the container images (think of containers as pre-packaged, portable software bundles) that your team builds and deploys. Instead of relying solely on public registries like Docker Hub, Harbor gives you your own hosted registry with added security and management features.

What makes Harbor stand out is what it layers on top of basic storage. It can automatically scan images for known security vulnerabilities before they get deployed. It supports role-based access control, meaning different team members can have different permissions for different projects. It can replicate (synchronize) images between multiple registries in different locations, which helps with backups, load balancing, and operating across data centers or cloud providers.

Harbor also integrates with enterprise login systems (LDAP/Active Directory and OpenID Connect), so users can log in with the same accounts they use for other internal tools. Every action in the system is logged for auditing, and a graphical web portal makes it easy to browse and search stored images without command-line tools.

You would use Harbor if you are running software built with containers and need a private, self-hosted place to store those containers with security scanning, access controls, and replication. It is especially useful for organizations that cannot or prefer not to push sensitive images to public cloud registries. Harbor is a Cloud Native Computing Foundation (CNCF) project, written in Go, and can be deployed using Docker Compose or Helm Chart (a Kubernetes packaging format).

Where it fits