explaingit

goharbor/harbor

Analysis updated 2026-06-20

28,438GoAudience · ops devopsComplexity · 4/5LicenseSetup · hard

TLDR

Harbor is a self-hosted private container image registry that adds automated security scanning, role-based access control, and cross-region replication on top of basic image storage.

Mindmap

mindmap
  root((Harbor))
    What it does
      Private image registry
      Vulnerability scanning
      Role-based access
      Image replication
    Tech Stack
      Go
      Docker Compose
      Helm
      Kubernetes
    Use Cases
      Air-gapped deployments
      Security compliance
      Multi-region sync
    Audience
      DevOps engineers
      Platform teams
      Enterprise IT
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Host a private internal registry to keep container images off public Docker Hub.

USE CASE 2

Automatically scan every pushed image for known security vulnerabilities before deployment.

USE CASE 3

Replicate images between multiple data centers or cloud regions for redundancy and failover.

USE CASE 4

Enforce role-based permissions so teams only access the projects they own.

What is it built with?

GoDockerKubernetesHelmLDAP

How does it compare?

goharbor/harbormicro-editor/microopentofu/opentofu
Stars28,43828,54728,580
LanguageGoGoGo
Setup difficultyhardeasymoderate
Complexity4/51/53/5
Audienceops devopsdeveloperops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Docker Compose or a running Kubernetes cluster with Helm installed.

Free to use, modify, and distribute for any purpose including commercial, as long as you include the Apache 2.0 license notice.

In plain English

Harbor is an open source container registry, a private, secure place to store and manage the container images (think of containers as pre-packaged, portable software bundles) that your team builds and deploys. Instead of relying solely on public registries like Docker Hub, Harbor gives you your own hosted registry with added security and management features. What makes Harbor stand out is what it layers on top of basic storage. It can automatically scan images for known security vulnerabilities before they get deployed. It supports role-based access control, meaning different team members can have different permissions for different projects. It can replicate (synchronize) images between multiple registries in different locations, which helps with backups, load balancing, and operating across data centers or cloud providers. Harbor also integrates with enterprise login systems (LDAP/Active Directory and OpenID Connect), so users can log in with the same accounts they use for other internal tools. Every action in the system is logged for auditing, and a graphical web portal makes it easy to browse and search stored images without command-line tools. You would use Harbor if you are running software built with containers and need a private, self-hosted place to store those containers with security scanning, access controls, and replication. It is especially useful for organizations that cannot or prefer not to push sensitive images to public cloud registries. Harbor is a Cloud Native Computing Foundation (CNCF) project, written in Go, and can be deployed using Docker Compose or Helm Chart (a Kubernetes packaging format).

Copy-paste prompts

Prompt 1
I want to deploy Harbor as a private Docker registry on Kubernetes using Helm. Walk me through the steps including setting up TLS and an admin password.
Prompt 2
How do I configure Harbor to automatically scan container images for CVE vulnerabilities every time an image is pushed?
Prompt 3
Set up LDAP authentication in Harbor so my team logs in with their existing Active Directory credentials instead of separate accounts.
Prompt 4
How do I create a replication rule in Harbor to mirror images from my primary registry instance to a secondary one in a different region?

Frequently asked questions

What is harbor?

Harbor is a self-hosted private container image registry that adds automated security scanning, role-based access control, and cross-region replication on top of basic image storage.

What language is harbor written in?

Mainly Go. The stack also includes Go, Docker, Kubernetes.

What license does harbor use?

Free to use, modify, and distribute for any purpose including commercial, as long as you include the Apache 2.0 license notice.

How hard is harbor to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is harbor for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Scan in gitsafehub Deploy in gitdeployhub goharbor on gitmyhub

Verify against the repo before relying on details.