explaingit

goharbor/harbor

📈 Trending28,509GoAudience · ops devopsComplexity · 4/5ActiveLicenseSetup · hard

TLDR

A self-hosted container registry with built-in security scanning, access controls, and image replication for teams that need a private place to store and manage container images.

Mindmap

mindmap
  root((Harbor))
    What it does
      Private image storage
      Security scanning
      Access controls
      Image replication
    Key features
      Role-based permissions
      Enterprise login support
      Audit logging
      Web dashboard
    Use cases
      Team deployments
      Multi-datacenter sync
      Sensitive image storage
    Tech stack
      Go
      Docker Compose
      Kubernetes Helm
    Deployment
      Self-hosted
      Cloud or on-premise

Things people build with this

USE CASE 1

Set up a private container registry for your team to push and pull images without using public Docker Hub.

USE CASE 2

Automatically scan container images for security vulnerabilities before they are deployed to production.

USE CASE 3

Replicate images across multiple registries in different data centers or cloud regions for disaster recovery and load balancing.

USE CASE 4

Manage access to container images by team or project using role-based permissions and integrate with your company's existing login system.

Tech stack

GoDockerKubernetesHelmLDAPOpenID Connect

Getting it running

Difficulty · hard Time to first run · 1day+

Requires Kubernetes cluster, persistent storage, LDAP/OIDC configuration, and multiple interdependent services to be operational.

Open source under the Apache 2.0 license; use freely for any purpose including commercial, with attribution.

In plain English

Harbor is an open source container registry, a private, secure place to store and manage the container images (think of containers as pre-packaged, portable software bundles) that your team builds and deploys. Instead of relying solely on public registries like Docker Hub, Harbor gives you your own hosted registry with added security and management features. What makes Harbor stand out is what it layers on top of basic storage. It can automatically scan images for known security vulnerabilities before they get deployed. It supports role-based access control, meaning different team members can have different permissions for different projects. It can replicate (synchronize) images between multiple registries in different locations, which helps with backups, load balancing, and operating across data centers or cloud providers. Harbor also integrates with enterprise login systems (LDAP/Active Directory and OpenID Connect), so users can log in with the same accounts they use for other internal tools. Every action in the system is logged for auditing, and a graphical web portal makes it easy to browse and search stored images without command-line tools. You would use Harbor if you are running software built with containers and need a private, self-hosted place to store those containers with security scanning, access controls, and replication. It is especially useful for organizations that cannot or prefer not to push sensitive images to public cloud registries. Harbor is a Cloud Native Computing Foundation (CNCF) project, written in Go, and can be deployed using Docker Compose or Helm Chart (a Kubernetes packaging format).

Copy-paste prompts

Prompt 1
How do I deploy Harbor using Docker Compose for a small team's private container registry?
Prompt 2
Show me how to set up automatic vulnerability scanning for container images in Harbor before deployment.
Prompt 3
How do I configure Harbor to replicate images between my on-premise registry and a cloud provider's registry?
Prompt 4
What are the steps to integrate Harbor with my company's LDAP directory so users log in with their existing accounts?
Prompt 5
How do I use Harbor's web interface to search, browse, and manage container images without using the command line?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.