Skip to content

Interrogation Services

Scanners

This feature allows you to connect Harbor to additional vulnerability scanners. The scanner must expose an API endpoint to allow Harbor to trigger the scan process or get reports.

Interrogative service

Proceed as follows to add a new scanner:

  1. Click "+ NEW SCANNER" from the "Scanners" tab.
    The following window appears.

    Add scanner

  2. Enter project name and description.

  3. Enter the API endpoint address.
  4. Select the Authorization mode from the drop-down.

    None window

    • None: The scanner allows all connections without any security.
    • Basic: Enter a username and password for an account that can connect to the scanner.
    • Bearer: Paste the contents of a bearer token in the Token text box.
    • APIKey: Paste the contents of an API key for the scanner in the APIKey text box.
  5. Optionally select "Skip certificate verification" if the scanner uses a self-signed or untrusted certificate.

  6. Optionally select "Use internal registry address" if the scanner should connect to Harbor using an internal network address rather than its external URL.

    Note

    To use this option, the scanner must be deployed in a network that allows the scanner to reach Harbor via Harbor’s internal network.

  7. Click "Test Connection" to make sure that Harbor can connect successfully to the scanner.

  8. Click "Add" to connect Harbor to the scanner.

If you configure multiple scanners, select one and click "SET AS DEFAULT" to designate it as the default scanner.

To Disable, Edit or Delete scanner(s), use the corresponding options from the "ACTION" menu.

Vulnerability

Static analysis of vulnerabilities in images can be performed using the Vulnerability Scanning functionality. You can manually initiate scanning on a particular image, or on all images in Harbor. Additionally, you can set a policy to automatically scan all the images at specific intervals. However, set the automatic scan policy to the maximum up to "Daily".

Also, make sure to enable the "Automatically scan images on push" check box from "Projects > Configuration". For more information, refer to the Configuration section in Container Registry project.

Vulnerability

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.


Last update: March 7, 2022