Core Concepts
Understanding the key concepts in HarborGuard will help you get the most out of the platform.
Registries
A registry is a container image repository (Docker Hub, ECR, GCR, etc.) that HarborGuard connects to for image discovery and scanning.
Images & Tags
Images are the container images discovered from your registries. Each image can have multiple tags representing different versions.
Scans
A scan is an execution of one or more security scanners against a container image. Scans can originate from the cloud, edge sensors, or CI/CD pipelines.
Vulnerabilities
Vulnerabilities are CVEs found during scans, tracked through a triage lifecycle: Open, Acknowledged, In Progress, Fixed, or Won't Fix.
SBOM (Software Bill of Materials)
The SBOM is a complete inventory of packages found in a container image, generated by Syft during scanning.
Compliance
Compliance features generate evidence packs mapping your security posture to regulatory frameworks like SOC 2, PCI-DSS, and HIPAA.