An initiative focused on developing an open source registry that makes it easier to manage containers at scale has been updated.
Harbor, developed by VMware, is now a incubation project being developed under the auspices for the Cloud Native Computing Foundation (CNCF). The 1.9 release of Harbor adds a range of capabilities, including a Webhook notification that can be employed to integrate the registry more easily with continuous integration/continuous deployment (CI/CD) tools.
Other capabilities available in this latest release include the ability to replicate projects between the registry services of major cloud service providers, tag retention and project quotas that strengthen image lifecycle management and security, syslog integration and the ability to apply exceptions that would allow developers to continue to employ a container with a known bug.
Michael Michael, a Harbor contributor and product manager for VMware, says Harbor 1.9 now provides organizations with more granular over the registry.
For example, IT teams now can limit the number of tags that a project can contain as well as the amount of storage capacity a project can consume. Default quotas can be applied to individual projects or all projects. Those quotas also take into account the true size of the image capacity, including the sharing of layers across all images when multiple images are pushed concurrently.
Meanwhile, a Common Vulnerabilities and Exposures (CVE) exception policy capability enables organizations to determine the level of risk they want to assume while they continue to triage which container vulnerabilities they wish to prioritize. Rather than having a blanket CVE policy in place, DevOps teams now can continue to use a specific container while waiting to fix a vulnerability that may not be especially severe later, says Michael.
Administrators can create a systemwide whitelist of CVEs effective across all projects, which individual administrators can further fine-tune at the individual project level, he notes.
The team developing Harbor is also tracking an Artifacts project launched by the Open Container Initiative (OCI) consortium that will extend the reach of a single repository to encompass multiple artifacts such as Kubernetes deployment files, Helm Charts and other evolving formats alongside containers, he adds. As that specification matures, the Harbor team expects to achieve compatibility.
Michael says Harbor is gaining traction because it provides a private multitenant approach to container lifecycle management that comes with built-in static analysis tools that can be leveraged by providers of container security platforms. In the next version of Harbor, Michael says IT organizations should expect a more plug-and-play experience for third-party image scanners from vendors such as Aqua Security and Anchore. The Harbor team is also working on creating a Harbor operator for Kubernetes environments as well as image tag immutability capability.
It may be a while yet before Harbor becomes a top-level project at CNCF. However, the issues the Harbor team is addressing is of keen interest to enterprise IT organizations facing the challenges of governing and securing thousands of containers. In fact, given the challenges at hand, many of those organizations may not wait for CNCF to fully bless Harbor before adopting it.