100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
DevOps

Harbor

IntermediateTool5.5K learners

Harbor is an open-source, cloud-native container registry that stores, signs, and scans container images and other OCI artifacts, adding enterprise security and access-control features on top of a standard registry.

Definition

Harbor is an open-source, cloud-native container registry that stores, signs, and scans container images and other OCI artifacts, adding enterprise security and access-control features on top of a standard registry.

Overview

Harbor started as a project at VMware to fill a gap in the container ecosystem: teams needed somewhere secure and self-hosted to store Docker images, since public registries didn't always meet enterprise requirements around access control, auditing, and vulnerability management. It was open sourced and later became a graduated project of the Cloud Native Computing Foundation, putting it in the same governance family as Kubernetes and Helm. Functionally, Harbor behaves like a private Docker/OCI registry but layers on role-based access control, project-level isolation between teams, image replication across multiple Harbor instances or clouds, and integrated vulnerability scanning so images can be checked for known CVEs before they reach production. It also supports content trust and image signing, letting organizations verify that only approved, unmodified images are deployed. Harbor is most commonly deployed inside Kubernetes clusters or alongside CI/CD pipelines, acting as the trusted source of truth for container images as they move from build to test to production. Teams adopting it are usually already running containerized workloads at a scale where the built-in registries from Docker Hub or a single cloud provider no longer meet their security or governance needs.

Key Features

  • Role-based access control with per-project isolation
  • Built-in vulnerability scanning for container images
  • Image signing and content trust for supply-chain integrity
  • Cross-registry replication between Harbor instances and clouds
  • Support for Helm chart repositories and other OCI artifacts
  • Web UI and API for managing users, projects, and policies
  • Tag retention and garbage collection policies for storage management

Use Cases

Private, self-hosted registry for enterprise container images
Enforcing vulnerability scanning gates before deployment
Multi-region image replication for global Kubernetes clusters
Storing Helm charts alongside container images
Auditing who pushed or pulled which images and when
Supply-chain security through signed, verified image provenance

History

Harbor is an open-source, OCI-compliant container registry that stores, signs, and scans container images and other cloud-native artifacts, adding enterprise features such as role-based access control, vulnerability scanning, and replication. It was created at VMware China around 2014 and open-sourced in 2016, and it was the first open-source registry compliant with the Open Container Initiative specifications. Harbor joined the Cloud Native Computing Foundation on July 31, 2018, and graduated on June 15, 2020, becoming the first open-source registry to reach CNCF graduated status. It is widely deployed for secure image management across private and hybrid cloud environments.

Frequently Asked Questions