Container Security Platform

Every Image Scanned.
Every Framework Covered.

HarborGuard unifies six open-source security scanners behind a single dashboard. Detect vulnerabilities, generate SBOMs, monitor CVEs, and prove compliance across 10 frameworks.

VULNERABILITY SCANNING
SBOM GENERATION
LAYER ANALYSIS
COMPLIANCE REPORTING

Compliance Frameworks

SOC 2 Type II
PCI-DSS v4.0
NIST SP 800-53 Rev 5
HIPAA Security Rule
FedRAMP Moderate
ISO/IEC 27001:2022
CMMC Level 2
CIS Docker Benchmark

DEEP SCANNING

Six Scanners. One Workflow.

Run Trivy, Grype, Syft, Dockle, OSV-Scanner, and Dive against any image from any registry. HarborGuard deduplicates findings across scanners and attributes each CVE to the tool that found it.

  • Trivy + Grype vulnerability detection
  • Syft SBOM generation (SPDX & CycloneDX)
  • Dockle CIS benchmark grading
  • Dive layer-by-layer image inspection
  • OSV open-source vulnerability matching
Scan Results
CVE-2024-6197 (openssl): Critical
CVE-2024-5535 (openssl): High
CVE-2024-3596 (openssl): Medium
Trivy: 12 findings, Grype: 9 findings, 3 unique
Connected Registries
Docker Hub: Connected
AWS ECR: Connected
GitHub GHCR: Connected
Harbor: Connected
Azure ACR: Connected
+ 6 more supported providers
REGISTRY SUPPORT

Every Registry. One Pane of Glass.

Connect Docker Hub, ECR, GCR, ACR, GHCR, GitLab, Harbor, JFrog, Quay, Nexus, or any OCI-compliant registry. Schedule scans, filter by tag patterns, and monitor sync health.

  • 11 registry providers including custom OCI
  • Scheduled and on-push scanning
  • Tag pattern filtering (include/exclude)
  • Real-time sync and connection health
CVE INTELLIGENCE

Monitor. Triage. Attest.

Search NVD, OSV, GitHub Security Advisories, and CISA KEV from one interface. CVE Watch continuously monitors for new vulnerabilities affecting your packages and alerts your team via Slack, email, PagerDuty, or webhooks.

  • 4 CVE sources aggregated and deduplicated
  • CVE Watch with real-time alerting
  • Vulnerability triage with SLA tracking
  • False-positive attestations with audit trail
CVE Watch Alerts

CVE-2024-6197 (curl 8.6.0): CRITICAL
CVE-2024-5535 (openssl 3.2.1): HIGH
CVE-2024-3596 (freeradius 3.0): HIGH
Slack + PagerDuty notified
Compliance Frameworks
SOC 2 Type II
PCI-DSS v4.0
NIST SP 800-53 Rev 5
HIPAA Security Rule
FedRAMP Moderate
ISO/IEC 27001:2022
CMMC Level 2
CIS Docker Benchmark
+ Custom framework support
COMPLIANCE ENGINE

Audit-Ready Evidence. Always.

Generate compliance packs for SOC 2, PCI-DSS, NIST 800-53, HIPAA, FedRAMP, ISO 27001, CMMC, and CIS Docker Benchmark. Build custom reports with the visual report builder, schedule recurring generation, and export evidence packs on demand.

  • 10 compliance frameworks out of the box
  • Visual report builder with custom sections
  • SLA tracking and MTTR metrics
  • Immutable audit log for every action
  • Scheduled report generation
BUILT FOR TEAMS

Enterprise-Grade from Day One

RBAC & Teams

Owner, admin, developer, auditor, and viewer roles. Organize members into teams scoped to specific registries.

SSO & SCIM

SAML, OIDC, and LDAP single sign-on. SCIM provisioning with automated role mapping from your identity provider.

Notifications

Route alerts to Slack, email, PagerDuty, or custom webhooks. Configure per-severity thresholds and digest schedules.

API & CI/CD

Full REST API with scoped API keys and personal access tokens. Trigger scans from your CI pipeline.

SBOM & Dependencies

Aggregate SBOMs across all images. Track package versions, licenses, and vulnerability exposure in one view.

Layer Analysis

Inspect image layers, compare consecutive layer diffs, and identify which layer introduced a vulnerability.

Dashboard & Metrics

Customizable dashboard with compliance posture, severity trends, scan coverage, and mean-time-to-remediate KPIs.

Cloud Sensors

Deploy lightweight scan sensors via Docker or Kubernetes. Scans run in your infrastructure, results report back.

PRICING

Open Source Core. Enterprise Scale.

Open Source

Free

Self-hosted, full scanner suite

  • All 6 security scanners
  • Vulnerability dashboard
  • SBOM generation
  • Layer analysis
  • Community support
  • AGPL-3.0 License

Enterprise

Custom

Managed platform for organizations

  • Everything in Open Source
  • 10 compliance frameworks
  • CVE Watch with alerting
  • SSO / SAML / SCIM
  • RBAC & team management
  • Priority support & SLA
HarborGuard

Continuous container security and vulnerability management for teams that ship containers.

© 2026 HarborGuard. All rights reserved.