Harbor Private Registry: Image Vulnerability Scanning Demo

The popular open source Harbor registry has released version 1.2, which introduces a new feature called Vulnerability Scanning. It scans the images stored in Harbor and reports any vulnerabilities found in them. Each vulnerability is assigned one of a few severity levels: normal, low, medium and high. The Harbor administrator can set a threshold, e.g. High, so that any image with vulnerabilities at or above that level is rejected from being pulled. This ensures that vulnerable images cannot be used in production or other environments.

The scan goes through all files of a container image and reports how many packages have known problems, along with the level of security risk. This makes it straightforward for an administrator to understand the risk inside an image.

Scanning happens when an image is pushed to a Harbor private registry. It can also be scheduled for a specified time, e.g. at midnight every day, to reduce resource consumption during peak hours.

Harbor leverages the Clair project for this vulnerability scanning feature. Clair automatically checks a few CVE sources for updates; when an update to the CVE database is found, it downloads the data and uses it in the next scan.
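The threshold policy described above, written out as an added example (this is not Harbor's own code): findings are ranked by the four severity levels the post lists, and a pull is blocked when any finding is at or above the administrator's threshold. The report layout and the sample findings are constructed for the example and do not mirror Harbor's real scan output.

```python
"""Added example, not Harbor's own code: a pull gate that mirrors the
severity-threshold policy described in the post. Severity names and their
order (normal < low < medium < high) follow the post; the report format
and the sample findings below are constructed for illustration."""
from collections import Counter

# Ascending order of severity as listed in the post; the index is the rank.
SEVERITY_ORDER = ["normal", "low", "medium", "high"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed scan report for one image (placeholder CVE ids, not real ones).
SAMPLE_REPORT = [
    {"package": "openssl", "cve": "CVE-XXXX-0001", "severity": "High"},
    {"package": "glibc", "cve": "CVE-XXXX-0002", "severity": "medium"},
    {"package": "bash", "cve": "CVE-XXXX-0003", "severity": "low"},
    {"package": "curl", "cve": "CVE-XXXX-0004", "severity": "normal"},
]


def rank(severity):
    """Map a severity label (any case) to its rank. An unknown label is an
    error rather than being silently treated as harmless."""
    key = severity.strip().lower()
    if key not in RANK:
        raise ValueError(f"unknown severity: {severity!r}")
    return RANK[key]


def summarize(report):
    """Count findings per severity, like the per-image summary an admin sees."""
    counts = Counter(SEVERITY_ORDER[rank(v["severity"])] for v in report)
    return {name: counts.get(name, 0) for name in SEVERITY_ORDER}


def pull_allowed(report, threshold):
    """Return (allowed, offending). 'offending' lists the findings whose
    severity is equal to or above the threshold; any such finding blocks the pull."""
    limit = rank(threshold)
    offending = [v for v in report if rank(v["severity"]) >= limit]
    return (len(offending) == 0, offending)


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
    allowed, hits = pull_allowed(SAMPLE_REPORT, "high")
    print("pull allowed with threshold=high:", allowed, [h["cve"] for h in hits])
```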

Here is a demo of the vulnerability scanning feature.

If you are interested in this scanning feature, you can download the latest version of Harbor Registry and try it out.


The Inspiration Behind Open Source Project Harbor

About Project Harbor

Project Harbor is an enterprise-class registry server that stores and distributes Docker images. Harbor extends the open source Docker Distribution by adding the functionalities usually required by an enterprise, such as security, identity and replication.

The Inspiration Behind Project Harbor

When I attended container meetups and conferences in early 2014, I often heard people complaining about container image management challenges. They usually created various hacks or workarounds to solve their problems. When I saw pain points like these, I had a gut feeling there would be a great opportunity to create a solution addressing these challenges. Shortly after these discussions, we started a side project for managing container images. And that’s where Project Harbor began.

Why We Chose to Open Source Project Harbor

Originally, we dogfooded our project within the VMware China R&D Center. We used Harbor in a few internal projects and received positive feedback from our teams. In March 2016, we ultimately decided to open source Project Harbor on GitHub for larger adoption and more feedback.

How We Landed On the Name “Harbor”

We chose a name related to containers. Harbor is a place where containers are loaded on or unloaded from ships. Moreover, the word “Harbor” is simple and can be easily pronounced and remembered, making it a strong choice for project promotion.

The People Behind Project Harbor

At the beginning, only about six people were involved with the project—mostly engineers and interns in our Advanced Technology Center (ATC) team at VMware China R&D. Gradually, community users started to join forces with us, collaborating to help improve the project. Currently, there are approximately 50 contributors, and about two-thirds are outside of VMware.

Project Harbor Momentum

Since Project Harbor was open sourced last year, it gained significant traction in terms of adoption and new contributors. I think Project Harbor has seen substantial momentum due to many factors. First, it hit the pain points and solved many container user problems. Second, Harbor is open source and has an open community mindset; our actions reflect constant user feedback and suggestions to ensure improvement. We also work with partners in the ecosystem to build products or create solutions using Harbor. Third, we promoted Harbor through social media channels, like WeChat, blogs and Twitter.

I look forward to sharing more about Project Harbor, answering any community questions and sharing my thoughts on other open source projects in the future.

This blog was originally posted at

https://blogs.vmware.com/opensource/2017/07/19/the-inspiration-behind-open-source-project-harbor/