Harbor integration
Harbor scans images at push time; Centraleyezer connects to the Harbor API, and for every asset mapped to a project/repository path it pulls the latest artifact vulnerability report — so your registry’s scan results become tracked, risk-scored findings without re-scanning anything.
Scan types imported
- Container registry image scan results (Trivy-based)
- OS package and library CVEs per image
API connection
Enter the Harbor host and an account that can read the target projects. The Test button lists every project and repository; each Centraleyezer asset is mapped to one project/repository (stored on the asset), and imports pull that repository’s current vulnerability report.
Configuration
Where to get the credentials
Create a robot account in Harbor (Project → Robot Accounts) with read permission, or use a regular Harbor user. The account must be able to list projects, repositories and artifact vulnerabilities.
What gets imported on every run
- The vulnerability report of each mapped repository’s artifact: CVE ID, severity, CVSSv3 (or v2) score and vector, CWE.
- Affected package, installed version and fixed version — with an upgrade recommendation generated when a fix exists.
How imported findings are risk-scored
Every Harbor finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.