Scan Image for Vulnerabilities

Harbor has Trivy, a vulnerability scanner, built in. Trivy can be used to scan images hosted on Harbor for any vulnerabilities. It provides a very robust list of results with valuable information for patching vulnerable images.

Note

This document assumes you have access to a project in Harbor with privileges to scan the images in that project. Documentation on how to accomplish that can be found at this link

To run the scanner, log in to the Harbor Web UI, navigate to your project by clicking on its name, and then click the name of the image you'd like to scan. This should automatically open the Artifacts tab, where you can select the image and scan it. Check the box next to the artifact you want and click the scan button above it. It should look like the image below:

The box in the vulnerabilities column should change to Queued, then Scanning, and finally show a report of the vulnerabilities found. Hovering over the report will show a few more details, but the full report can be viewed by clicking on the artifact name. The whole report contains a lot of different information. An example of what the output looks like can be seen in the image below:
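Once a scan has finished, the same report can be triaged as data to decide what to patch first. The following is an added example, not part of the original Harbor documentation: it turns a report into a list of package upgrades and a list of findings that have no fix yet. It assumes the JSON layout returned by Harbor's v2.0 API for an artifact's vulnerabilities (one top-level key per report MIME type, each finding carrying `id`, `package`, `version`, `fix_version` and `severity`); the function names are hypothetical and the sample report is constructed with placeholder IDs.

```python
import json
from collections import defaultdict

# Severity labels, most urgent first (assumed to match the report's values).
SEVERITIES = ["Critical", "High", "Medium", "Low", "Negligible", "Unknown"]

# Constructed sample report; the IDs are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "application/vnd.security.vulnerability.report; version=1.1": {
        "scanner": {"name": "Trivy"},
        "vulnerabilities": [
            {"id": "CVE-0000-0001", "package": "openssl", "version": "1.1.1k", "fix_version": "1.1.1n", "severity": "Critical"},
            {"id": "CVE-0000-0002", "package": "openssl", "version": "1.1.1k", "fix_version": "1.1.1n", "severity": "High"},
            {"id": "CVE-0000-0003", "package": "zlib", "version": "1.2.11", "fix_version": "", "severity": "High"},
            {"id": "CVE-0000-0004", "package": "bash", "version": "5.0", "fix_version": "5.1", "severity": "Low"},
        ],
    }
})

def rank(severity):
    """Lower is more urgent; unrecognised labels sort last."""
    return SEVERITIES.index(severity) if severity in SEVERITIES else len(SEVERITIES)

def load_findings(report_json):
    """Flatten the findings of every report type present in the document."""
    findings = []
    for report in json.loads(report_json).values():
        findings.extend(report.get("vulnerabilities") or [])  # null when clean
    return findings

def patch_plan(findings, floor="High"):
    """Group fixable findings at or above `floor` into one row per upgrade."""
    groups = defaultdict(list)
    for f in findings:
        if f.get("fix_version") and rank(f.get("severity")) <= rank(floor):
            groups[(f["package"], f["version"], f["fix_version"])].append(f)
    rows = [{"package": pkg, "installed": cur, "upgrade_to": fix,
             "worst": min((f["severity"] for f in fs), key=rank),
             "ids": sorted(f["id"] for f in fs)}
            for (pkg, cur, fix), fs in groups.items()]
    return sorted(rows, key=lambda r: (rank(r["worst"]), r["package"]))

def unfixed(findings, floor="High"):
    """Findings at or above `floor` with no fixed version published yet."""
    return [f["id"] for f in findings
            if not f.get("fix_version") and rank(f.get("severity")) <= rank(floor)]

if __name__ == "__main__":
    found = load_findings(SAMPLE_REPORT)
    print(patch_plan(found), unfixed(found), sep="\n")
```

Findings returned by `unfixed` cannot be resolved by a package upgrade, so they need a separate decision such as a different base image or an accepted-risk entry.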