Harbor Container Registry
The Harbor registry is supported for the Registry sensor. Follow the steps below to add a Harbor Registry in order to scan it.
- Download the Registry sensor. Go to Configurations > Sensors > Download Sensor and pick Registry. Select the Docker environment where you want to deploy the sensor and follow the installation instructions on the screen. Ensure the registry sensor is in Running state and continue to the next step.
- Go to Assets > Registries > New Registry to add your Harbor Registry and set up a scanning schedule.
- Provide the following information:
- Registry Type: Choose registry type - Harbor Container Registry.
- URL: Enter the Harbor registry URL.
- Authentication: Enter authentication credentials for connecting to your registry. You can use Admin, User, or Robot accounts to access the Harbor container repository.
For a successful scan in a Private Repository with a Robot account, the following three permissions are mandatory:
- List Repository
- Pull Repository
- List Artifact
If your Harbor registry version supports token-based authentication, the sensor performs the V2 catalog call with the authentication token. If authentication fails, the sensor automatically falls back to the Basic authentication method for the V2 catalog call.
- After adding registry information, click Next to enter scan settings.
- Select scan type - Automatic or On Demand.
As with other registry types, you can choose to scan immediately (On Demand) or on an ongoing basis (Automatic). For help with scan settings, see Configure Scan Settings.
- Container Security supports regex for repository names and tag names only. The project name should be specified in absolute terms using "/" as per Harbor's convention for mentioning a repository. You need to enter the repository name in the format `<project_name>/<repository_name>`, and provide a tag name in the Images field.
- For proxy cache, we only support already cached images in Harbor when regex is used for creating a scan job. If a user wants to scan a non-cached image, the absolute values for both the repository and tag must be provided.
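To check a Harbor account before handing it to the sensor, the token-then-Basic behaviour described above for the V2 catalog call can be reproduced with a short script. This is an added example, not the sensor's own code. It assumes "token-based authentication" means the Docker Registry v2 Bearer challenge flow; the host name, robot account, secret, and in-memory `fake_registry` are constructed sample values.

```python
import base64, json, re, urllib.error, urllib.parse, urllib.request

def http_get(url, headers):
    """Real transport: returns (status, headers, body); 4xx/5xx do not raise."""
    try:
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=10) as r:
            return r.status, dict(r.headers), r.read()
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers), e.read()

def list_catalog(registry_url, user, secret, get=http_get):
    """Try token auth for /v2/_catalog, then fall back to Basic. Returns (method, repos)."""
    url = registry_url.rstrip("/") + "/v2/_catalog"
    creds = base64.b64encode(f"{user}:{secret}".encode()).decode()
    basic = {"Authorization": "Basic " + creds}
    status, hdrs, _ = get(url, {})  # unauthenticated probe to obtain the challenge
    challenge = {k.lower(): v for k, v in hdrs.items()}.get("www-authenticate", "")
    p = dict(re.findall(r'(\w+)="([^"]*)"', challenge))
    if status == 401 and challenge.lower().startswith("bearer ") and "realm" in p:
        scope = p.get("scope", "registry:catalog:*")
        query = urllib.parse.urlencode({"service": p.get("service", ""), "scope": scope})
        t_status, _, t_body = get(p["realm"] + "?" + query, basic)
        if t_status == 200:
            doc = json.loads(t_body)
            token = doc.get("token") or doc.get("access_token") or ""
            status, _, body = get(url, {"Authorization": "Bearer " + token})
            if status == 200:
                return "token", json.loads(body)["repositories"]
    status, _, body = get(url, basic)  # fallback path: Basic auth on the catalog call
    if status == 200:
        return "basic", json.loads(body)["repositories"]
    raise PermissionError(f"catalog call rejected with HTTP {status}")

def fake_registry(token_service_ok):
    """Constructed in-memory registry for an offline run; no network involved."""
    good_basic = "Basic " + base64.b64encode(b"robot$scanner:s3cret").decode()
    repos = json.dumps({"repositories": ["library/nginx", "library/redis"]}).encode()
    realm = "https://harbor.example.test/service/token"
    def get(url, headers):
        auth = headers.get("Authorization", "")
        if "/service/token" in url:
            ok = token_service_ok and auth == good_basic
            return (200, {}, b'{"token": "constructed-token"}') if ok else (401, {}, b"")
        if auth in (good_basic, "Bearer constructed-token"):
            return 200, {}, repos
        return 401, {"Www-Authenticate": f'Bearer realm="{realm}",service="harbor-registry"'}, b""
    return get
```

Against a real registry, call `list_catalog` without the `get` argument so the `urllib` transport is used; the returned method shows which of the two paths succeeded.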