Vulnerability Scanning

Harbor provides static analysis of vulnerabilities in images through the open source Clair project.

Clair is an optional component. To be able to use Clair you must have enabled Clair when you installed your Harbor instance.

You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the Harbor Compatibility List.

It might be necessary to connect Harbor to other scanners for corporate compliance reasons, or because your organization already uses a particular scanner. Different scanners also use different vulnerability databases, capture different CVE sets, and apply different severity thresholds. By connecting Harbor to more than one vulnerability scanner, you broaden the scope of your protection against vulnerabilities.

For information about installing Harbor with Clair, see the Run the Installer Script.

You can manually initiate scanning on a particular image, or on all images in Harbor. Additionally, you can also set a policy to automatically scan all of the images at specific intervals.

Pages in this section