Convert Figma logo to code with AI

goharbor logoharbor

An open source trusted cloud native registry project that stores, signs, and scans content.

23,618
4,717
23,618
639
View on GitHub

Top Related Projects

distribution's avatar

distribution

8,814

The toolkit to pack, ship, store, and deliver container content

quay's avatar

quay

2,474

Build, Store, and Distribute your Applications and Containers

sonatype's avatar

nexus-public

1,898

Sonatype Nexus Repository Open-source codebase mirror

Quick Overview

Harbor is an open-source cloud native registry project that securely stores, signs, and scans container images. It extends the open-source Docker Distribution by adding features that are essential for enterprise users, such as security, identity, and management.

Pros

  • Robust security features, including vulnerability scanning, image signing, and role-based access control
  • Supports multiple authentication backends (e.g., LDAP, OIDC)
  • Provides a user-friendly web interface for managing repositories and users
  • Integrates well with Kubernetes and other container orchestration platforms

Cons

  • Can be complex to set up and configure for advanced use cases
  • Resource-intensive, especially for large-scale deployments
  • Limited built-in support for geo-replication (though it can be achieved through external tools)
  • Learning curve for users new to container registries and related technologies

Getting Started

To deploy Harbor using Docker Compose:

  1. Download the Harbor installer:
wget https://github.com/goharbor/harbor/releases/download/v2.6.0/harbor-online-installer-v2.6.0.tgz
tar xzvf harbor-online-installer-v2.6.0.tgz
  1. Configure Harbor by editing harbor.yml:
cd harbor
cp harbor.yml.tmpl harbor.yml
nano harbor.yml
  1. Run the installation script:
sudo ./install.sh
  1. Access Harbor through your browser at https://your_harbor_domain

For more detailed instructions and advanced configurations, refer to the official Harbor documentation.

Competitor Comparisons

distribution logo

distribution

8,814

The toolkit to pack, ship, store, and deliver container content

Pros of Distribution

  • Lightweight and focused solely on container image distribution
  • Highly scalable and performant for large-scale deployments
  • Easier to integrate into existing infrastructure due to its simplicity

Cons of Distribution

  • Lacks advanced features like vulnerability scanning and user management
  • Limited built-in security features compared to Harbor
  • Requires additional tools for a complete container registry solution

Code Comparison

Harbor:

func (ra *RepositoryAPI) GetManifest() {
    repoName := ra.GetString(":splat")
    tag := ra.GetString(":tag")
    version := ra.GetString("version")
    // ... (additional manifest retrieval logic)
}

Distribution:

func (imh *manifestHandler) GetManifest(w http.ResponseWriter, r *http.Request) {
    imh.Digest = getBlobDigest(r)
    manifests, err := imh.Repository.Manifests(imh)
    // ... (additional manifest handling logic)
}

Both projects handle manifest retrieval, but Harbor's implementation is more tightly integrated with its broader feature set, while Distribution's approach is more focused on the core distribution functionality.

quay logo

quay

2,474

Build, Store, and Distribute your Applications and Containers

Pros of Quay

  • More extensive API and automation capabilities
  • Better support for multi-architecture images
  • Advanced security scanning features

Cons of Quay

  • Steeper learning curve for new users
  • Less frequent updates and releases
  • More complex setup and configuration process

Code Comparison

Harbor configuration example:

harbor:
  adminPassword: Harbor12345
  externalURL: https://harbor.example.com
  persistence:
    enabled: true
    storageClass: "standard"

Quay configuration example:

FEATURE_USER_INITIALIZE: true
BROWSER_API_CALLS_XHR_ONLY: false
SUPER_USERS:
  - quayadmin
FEATURE_QUOTA_MANAGEMENT: true

Both Harbor and Quay are container registry solutions, but they have different strengths. Harbor focuses on simplicity and ease of use, making it a good choice for teams new to container registries. Quay offers more advanced features and automation capabilities, which can be beneficial for larger organizations with complex workflows. Harbor has a more active development community and frequent updates, while Quay provides robust enterprise-grade features and security scanning. The choice between the two depends on specific organizational needs and technical expertise.

sonatype logo

nexus-public

1,898

Sonatype Nexus Repository Open-source codebase mirror

Pros of Nexus

  • More versatile repository manager supporting various package formats (Maven, npm, Docker, etc.)
  • Advanced security features like vulnerability scanning and license compliance
  • Extensive API and integration capabilities

Cons of Nexus

  • Steeper learning curve and more complex setup compared to Harbor
  • Resource-intensive, especially for larger installations
  • Some advanced features require a paid license

Code Comparison

Harbor (Go):

func (ra *RepositoryAPI) GetManifest() {
    repoName := ra.GetString(":splat")
    tag := ra.GetString(":tag")

    if len(repoName) == 0 || len(tag) == 0 {
        ra.HandleBadRequest("repository name or tag is empty")
        return
    }
}

Nexus (Java):

@GET
@Path("/{repository}/{group: .+}/{name}/{version}")
@Produces({APPLICATION_XML, APPLICATION_JSON})
public Response get(@PathParam("repository") String repository,
                    @PathParam("group") String group,
                    @PathParam("name") String name,
                    @PathParam("version") String version) {
    // Implementation details
}

Both repositories provide container registry functionality, but Harbor focuses primarily on Docker images, while Nexus offers a broader range of package management capabilities. Harbor excels in simplicity and ease of use for Docker-centric environments, whereas Nexus provides more extensive features for enterprise-level artifact management across multiple formats.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Harbor

CI Coverage Status Go Report Card CII Best Practices Codacy Badge Code scanning - action Nightly Status CONFORMANCE_TEST FOSSA Status

notificationCommunity Meeting
The Harbor Project holds bi-weekly community calls in two different timezones. To join the community calls or to watch previous meeting notes and recordings, please visit the meeting schedule.



Note: The main branch may be in an unstable or even broken state during development. Please use releases instead of the main branch in order to get a stable set of binaries.

Harbor

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Having a registry closer to the build and run environment can improve the image transfer efficiency. Harbor supports replication of images between registries, and also offers advanced security features such as user management, access control and activity auditing.

Harbor is hosted by the Cloud Native Computing Foundation (CNCF). If you are an organization that wants to help shape the evolution of cloud native technologies, consider joining the CNCF. For details about whose involved and how Harbor plays a role, read the CNCF announcement.

Features

  • Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
  • Role based access control: Users access different repositories through 'projects' and a user can have different permission for images or Helm charts under a project.
  • Policy based replication: Images and charts can be replicated (synchronized) between multiple registry instances based on policies with using filters (repository, tag and label). Harbor automatically retries a replication if it encounters any errors. This can be used to assist loadbalancing, achieve high availability, and facilitate multi-datacenter deployments in hybrid and multi-cloud scenarios.
  • Vulnerability Scanning: Harbor scans images regularly for vulnerabilities and has policy checks to prevent vulnerable images from being deployed.
  • LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor that can then be given permissions to specific projects.
  • OIDC support: Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.
  • Image deletion & garbage collection: System admin can run garbage collection jobs so that images(dangling manifests and unreferenced blobs) can be deleted and their space can be freed up periodically.
  • Notary: Support signing container images using Docker Content Trust (leveraging Notary) for guaranteeing authenticity and provenance. In addition, policies that prevent unsigned images from being deployed can also be activated.
  • Graphical user portal: User can easily browse, search repositories and manage projects.
  • Auditing: All the operations to the repositories are tracked through logs.
  • RESTful API: RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API.
  • Easy deployment: Harbor can be deployed via Docker compose as well Helm Chart, and a Harbor Operator was added recently as well.

Architecture

For learning the architecture design of Harbor, check the document Architecture Overview of Harbor.

API

  • Harbor RESTful API: The APIs for most administrative operations of Harbor and can be used to perform integrations with Harbor programmatically.

Install & Run

System requirements:

On a Linux host: docker 20.10.10-ce+ and docker-compose 1.18.0+ .

Download binaries of Harbor release and follow Installation & Configuration Guide to install Harbor.

If you want to deploy Harbor on Kubernetes, please use the Harbor chart.

Refer to the documentation for more details on how to use Harbor.

OCI Distribution Conformance Tests

Check the OCI distribution conformance tests report of Harbor.

Compatibility

The compatibility list document provides compatibility information for the Harbor components.

Community

Demos

  • Live Demo - A demo environment with the latest Harbor stable build installed. For additional information please refer to this page.
  • Video Demos - Demos for Harbor features and continuously updated.

Partners and Users

For a list of users, please refer to ADOPTERS.md.

Security

Security Audit

A third party security audit was performed by Cure53 in October 2019. You can see the full report here.

Reporting security vulnerabilities

If you've found a security related issue, a vulnerability, or a potential vulnerability in Harbor please let the Harbor Security Team know with the details of the vulnerability. We'll send a confirmation email to acknowledge your report, and we'll send an additional email when we've identified the issue positively or negatively.

For further details please see our complete security release process.

License

Harbor is available under the Apache 2 license.

This project uses open source components which have additional licensing terms. The official docker images and licensing terms for these open source components can be found at the following locations:

Fossa Status

FOSSA Status