Harbor

Harbor

Website

Trusted cloud native registry for storing, signing, and scanning artifacts

RepositoryWebsiteDemo
27.3kstars
5.1kforks
Last commit: 2d ago
Repo age: 10y old
Harbor screenshot

Harbor is a CNCF Graduated cloud native registry for managing container images and related artifacts with security and governance controls. It extends the OCI/Docker registry model with enterprise features like policy enforcement, vulnerability scanning, and image signing to support secure supply chains.

Key Features

  • Stores and manages container images and other cloud native artifacts, including Helm charts
  • Role-based access control using projects for multi-tenant repository management
  • Policy-based replication between registries for hybrid and multi-cloud deployments
  • Built-in vulnerability scanning with policies to block deployment of vulnerable artifacts
  • Image signing support and validation for provenance and integrity (including Notary-based workflows)
  • Authentication integrations including LDAP/AD and OpenID Connect for SSO
  • Audit logs for repository and administrative operations
  • REST API with Swagger/OpenAPI interface for automation and integrations

Use Cases

  • Run a private, policy-controlled registry for Kubernetes and Docker environments
  • Enforce artifact security (scan/sign) as part of CI/CD and release workflows
  • Replicate images across regions or datacenters for performance and availability

Limitations and Considerations

  • Full feature set and integrations typically require multiple supporting components (scanner, signing, auth provider) and careful operational configuration

Harbor is a strong fit for teams that need a secure, compliant artifact registry with enterprise access control and automation capabilities. It is widely adopted in cloud native environments and integrates well with Kubernetes-centric workflows.

Categories:

Package, Artifact & Container Registries

Tags:

# REST API# RBAC# Security Scanning# Audit Logging# Image Hosting# Package Registry

Tech Stack:

HelmHelmGoGoOpenAPI (Swagger)OpenAPI (Swagger)KubernetesKubernetesDockerDockerTypeScriptTypeScriptPythonPython
D
Docker Compose
Share:

Similar Services

Gitea

Gitea

Self-hosted Git hosting with code review, issues, and CI/CD

53.2k
6.3k
Last commit: 20h ago

Gitea is a lightweight, self-hosted Git service with repositories, pull requests, issues, wiki, packages, and built-in CI/CD via Actions and runners.

Alternative to:
GitHub
GitHub+6
VERT

VERT

On-device file converter running in WebAssembly.

13.3k
688
Last commit: 15d ago

WebAssembly-powered on-device file converter built with Svelte and TypeScript, enabling offline, privacy-first conversions.

Unregistry

Unregistry

Push Docker images to remote hosts over SSH without a registry

4.6k
79
Last commit: 4d ago

Unregistry is a lightweight OCI image registry plus Docker CLI plugin that pushes images directly to remote Docker hosts over SSH, transferring only missing layers.

Alternative to:
Docker Hub
Docker Hub+4
Zot

Zot

OCI-native container and artifact registry (OCI Distribution compliant)

1.7k
169
Last commit: 1d ago

Open-source, production-ready OCI-native container image and artifact registry with single-binary deployment, S3/local storage, web UI and CLI.

Alternative to:
Docker Hub
Docker Hub+3
F-Droid

F-Droid

FOSS Android app repository with a client for browsing and updates

F-Droid is a free and open source Android app repository and client for browsing, installing, and updating FOSS apps, with tooling to run and publish your own repo.

RepoFlow

RepoFlow

Simple, scalable package management for private and public repositories.

RepoFlow is a self-hosted package management platform supporting Docker, NPM, PyPI, Maven, and more, with CVE scanning, smart search, and access controls.

Alternative to:
JFrog Artifactory
JFrog Artifactory+6