About

We build the security tool we wished existed.

HarborGuard started as the internal scanning pipeline at a SaaS shipping containers across three clouds. The frustration was always the same: every scanner finds something different, none of them produce evidence the auditors will accept, and patching means hand-rolling base image rebuilds at 2 AM.

Our principles

  • Open source first

    Every scanner we ship is open source. The product itself is licensed AGPL-3.0. If you can self-host the open source, you can self-audit it.

  • Evidence over alerts

    A scanner that yells about CVEs nobody can fix is worse than no scanner. Findings are useless without context: who introduced the package, when, and what the SLA is. We build for triage, not for noise.

  • Compliance is a side effect

    If you ship containers responsibly, your compliance evidence should be a one-click export, not a six-week project. We treat SOC 2 and FedRAMP as outputs, not goals.

  • No vendor moat for vulnerabilities

    Vulnerability data should not be a paid moat. We ship with NVD, OSV, KEV, and EPSS integrations and never gate severity ratings behind a higher tier.