Scripts · Apr 11, 2026 · 3 min read

Harbor — Cloud Native Trusted Container Registry

Harbor is a CNCF-graduated open-source container registry that stores, signs, and scans container images. It provides vulnerability scanning, RBAC, replication, and OCI support.

TL;DR
Harbor stores, signs, and scans container images with vulnerability scanning, RBAC, replication, and OCI compliance.
§01

What it is

Harbor is a CNCF-graduated open-source container registry that stores, signs, and scans container images and OCI artifacts. It provides vulnerability scanning (via Trivy), role-based access control (RBAC), image replication across registries, and content trust through Cosign/Notary. Harbor adds enterprise security features on top of the Docker Distribution registry.

Harbor is designed for platform teams and organizations that need a private container registry with security, compliance, and multi-site replication capabilities.

§02

How it saves time or tokens

Using Docker Hub for private images means trusting a third party with your container images and paying for private repository limits. Harbor gives you a self-hosted registry with enterprise features at zero licensing cost. Vulnerability scanning runs automatically on every push, RBAC controls who can access each project, and replication keeps registries synchronized across data centers. These features would require multiple tools or an expensive commercial registry.

§03

How to use

  1. Download and install Harbor:
wget https://github.com/goharbor/harbor/releases/download/v2.11.0/harbor-offline-installer-v2.11.0.tgz
tar xvf harbor-offline-installer-v2.11.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
# Edit harbor.yml: set hostname, HTTPS certificates, passwords
./install.sh
  2. Log in and push an image:
docker login harbor.example.com
docker tag my-app:latest harbor.example.com/myproject/my-app:latest
docker push harbor.example.com/myproject/my-app:latest
  3. Harbor automatically scans the pushed image for vulnerabilities. View the results in the web UI.
§04

Example

Configuring Harbor for automated vulnerability scanning and replication:

# harbor.yml (key settings)
hostname: harbor.example.com
https:
  port: 443
  certificate: /etc/ssl/harbor.crt
  private_key: /etc/ssl/harbor.key

# Enable Trivy scanner
trivy:
  enabled: true
  skip_update: false

# Database
database:
  password: harbor-db-password
  max_open_conns: 100

After installation, configure replication rules in the web UI to sync images to a secondary Harbor instance for disaster recovery.

§06

Common pitfalls

  • Not configuring HTTPS. Harbor should always run with TLS in production. Docker clients refuse to push to insecure registries by default. Set up certificates before deploying.
  • Ignoring vulnerability scan results. Harbor scans images automatically, but you must configure policies to block deployment of images with critical vulnerabilities.
  • Not setting up garbage collection. Deleted image tags still consume disk space until garbage collection runs. Schedule periodic GC jobs to reclaim storage.
  • Starting with an overly complex configuration instead of defaults. Begin with the minimal setup, verify it works, then customize incrementally. This approach catches configuration errors early and keeps troubleshooting straightforward.
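To make the second pitfall concrete, here is an added example (not Harbor's own code) of the kind of severity gate a CI job can apply to the report Harbor exposes under an artifact's vulnerabilities addition. The report shape follows Harbor's response (a map keyed by the report MIME type) and the CVE identifiers, package names and timestamps are constructed placeholders; the allowlist and ignore-unfixed options mirror Harbor's project CVE allowlist and the trivy ignore_unfixed setting.

```python
"""Severity gate over a Harbor vulnerability report (added example, not Harbor code)."""
import json

# Severity order as it appears in Harbor/Trivy reports, lowest to highest.
SEVERITY_RANK = {"Unknown": 0, "Negligible": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5}

# Constructed sample report. The shape follows Harbor's /additions/vulnerabilities
# response (report nested under its MIME type); all identifiers are placeholders.
SAMPLE_REPORT = json.dumps({
    "application/vnd.security.vulnerability.report; version=1.1": {
        "generated_at": "2026-04-11T10:00:00Z",
        "scanner": {"name": "Trivy", "vendor": "Aqua Security", "version": "vX.Y.Z"},
        "severity": "Critical",
        "vulnerabilities": [
            {"id": "CVE-0000-0001", "package": "libexample", "version": "1.0",
             "fix_version": "1.1", "severity": "Critical"},
            {"id": "CVE-0000-0002", "package": "libother", "version": "2.3",
             "fix_version": "", "severity": "High"},
            {"id": "CVE-0000-0003", "package": "libminor", "version": "0.9",
             "fix_version": "1.0", "severity": "Low"},
        ],
    }
})


def evaluate_report(report_json, threshold="Critical", allowlist=(), ignore_unfixed=False):
    """Return (allowed, blocking_ids).

    A finding blocks when its severity is at or above `threshold`, unless its id is
    on `allowlist` (Harbor's CVE allowlist) or, with `ignore_unfixed`, no fix exists.
    """
    report = json.loads(report_json)
    body = next(iter(report.values()))  # take whichever report version is present
    threshold_rank = SEVERITY_RANK[threshold]
    blocking = []
    for vuln in body.get("vulnerabilities", []):
        if vuln["id"] in allowlist:
            continue
        if ignore_unfixed and not vuln.get("fix_version"):
            continue
        if SEVERITY_RANK.get(vuln["severity"], 0) >= threshold_rank:
            blocking.append(vuln["id"])
    return (not blocking, sorted(blocking))


if __name__ == "__main__":
    allowed, ids = evaluate_report(SAMPLE_REPORT, threshold="High")
    print("deploy allowed:", allowed, "blocking:", ids)
```

In a pipeline the same function would run over the JSON fetched from the Harbor API for the pushed tag, and a non-empty blocking list fails the job.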

For teams evaluating this tool, the time saved on initial setup alone justifies the adoption. The well-documented API and active community mean most common questions have already been answered, reducing the learning curve and the number of tokens spent explaining basic usage to AI assistants.

Frequently Asked Questions

What vulnerability scanner does Harbor use?

Harbor uses Trivy as its default vulnerability scanner. Trivy scans container images for known CVEs in OS packages and application dependencies. Scan results are shown in the Harbor UI with severity ratings.

Does Harbor support Helm charts?

Yes. Harbor supports OCI artifacts, which includes Helm charts. You can push and pull Helm charts using the standard Helm OCI registry commands. Harbor applies the same security features (scanning, RBAC) to Helm charts.

Can Harbor replicate images to other registries?

Yes. Harbor supports pull-based and push-based replication to other Harbor instances, Docker Hub, AWS ECR, Google GCR, Azure ACR, and other OCI-compatible registries.

Is Harbor CNCF certified?

Yes. Harbor is a CNCF-graduated project, the highest maturity level. This indicates it is production-ready, widely adopted, and follows CNCF governance standards.

How does Harbor handle access control?

Harbor provides project-based RBAC with roles: admin, developer, maintainer, and guest. Each role has different permissions for pushing, pulling, scanning, and managing images within a project.
