Image Security Simplified

HarborGuard is a unified security scanning platform that provides deep vulnerability analysis and visualization for Docker images using industry-leading security tools.

Get started with:

docker run -p 3000:3000 ghcr.io/harborguard/harborguard:latest
View on GitHub
Without HarborGuard
flowchart TB subgraph WITHOUT [" "] A1[CVE Disclosed]:::danger A2[Manual Triage] A3{Decision}:::decision A4[Manual Fix] A5[Unpatched]:::danger A6[Wait] A7[Vendor Patched]:::success A1 --> A2 A2 --> A3 A3 --> A4 A3 --> A5 A3 --> A6 A4 --> A7 A5 -.-> A7 A6 -.-> A7 end classDef default color:#f1f5f9 classDef danger fill:#dc2626,stroke:#991b1b,color:#ffffff,stroke-width:1px classDef decision fill:#2563eb,stroke:#1d4ed8,color:#ffffff,stroke-width:1px classDef success fill:#16a34a,stroke:#15803d,color:#ffffff,stroke-width:1px
With HarborGuard
flowchart TB subgraph WITH [" "] B1[CVE Disclosed]:::danger B2[Auto-Triage]:::highlight B3[Auto-Patch]:::highlight B4[Auto-Ignore]:::highlight B5[Track]:::highlight B6[Vendor Patched]:::success B1 --> B2 B2 --> B3 B2 --> B4 B2 --> B5 B3 --> B6 B4 -.-> B6 B5 -.-> B6 end classDef default color:#f1f5f9 classDef danger fill:#dc2626,stroke:#991b1b,color:#ffffff,stroke-width:1px classDef highlight fill:#22c55e,stroke:#16a34a,color:#ffffff,stroke-width:1px classDef success fill:#16a34a,stroke:#15803d,color:#ffffff,stroke-width:1px
HarborGuard CVE patching interface

Intelligent CVE Patching

Automatically identify and remediate vulnerabilities with smart patching recommendations and automated container image rebuilding.

  • ✓ Automated patch recommendations
  • ✓ Base image update detection
  • ✓ Zero-day vulnerability response

Reduce your attack surface by automatically identifying fixable CVEs and providing actionable remediation steps for your container images.

Multi-Tool Security Scanning

HarborGuard integrates industry-leading security scanners to provide comprehensive vulnerability detection and analysis for your container images.

  • ✓ Trivy, Grype, and Syft vulnerability scanning
  • ✓ Interactive vulnerability visualization
  • ✓ Layer-by-layer image analysis with Dive

Get complete visibility into your container security posture with detailed vulnerability reports and remediation guidance.

HarborGuard security scanning results
HarborGuard vulnerability database interface

Centralized Vulnerability Database

Track and manage vulnerabilities across your entire container image inventory with a unified database that aggregates findings from all security scanners.

  • ✓ Cross-image vulnerability correlation
  • ✓ Historical vulnerability tracking
  • ✓ Impact analysis across deployments

Gain complete visibility into your security posture with a comprehensive database that tracks every vulnerability across all your container images in one centralized location.

Choose Your Edition

Start with our free open source edition or unlock enterprise features

Open Source

Perfect for individuals and small teams

  • ✓ All 6 security scanners
  • ✓ Vulnerability Patching
  • ✓ Web-based dashboard
  • ✓ Community support
  • ✓ AGPL-3.0 License

Enterprise

Advanced features for organizations

  • Everything in Open Source
  • ✓ SAML/LDAP integration
  • ✓ Priority support & SLA
  • ✓ Commercial license
Contact Us

Visualization & Metrics

Gain deep insights into your container security posture

📊

Interactive Charts

Vulnerability scatterplots and severity tracking

🔍

Layer Analysis

Detailed layer-by-layer image exploration

Strong Community

Trusted by the contributors around the world

Concurrent Scans

High-performance scanning capability enabling fast response

Frequently Asked Questions

What security tools does HarborGuard integrate?

HarborGuard integrates six industry-leading security tools: Trivy for comprehensive vulnerability scanning, Grype for vulnerability matching, Syft for SBOM generation, Dockle for best practices checking, OSV Scanner for open source vulnerabilities, and Dive for layer analysis.

How do I deploy HarborGuard?

HarborGuard can be deployed using Docker with a simple command: docker run -p 3000:3000 harborguard/harborguard:latest. It supports various configuration options via environment variables and can be deployed in multiple environments including cloud platforms and on-premises infrastructure.

What are the system requirements?

HarborGuard requires Docker to be installed on your system. It needs a PostgreSQL database for storing scan results and metadata. The platform supports concurrent scans with configurable timeout settings (5-180 minutes). Recommended minimum: 4GB RAM and 2 CPU cores for optimal performance.