All integrations
Infrastructure

Harbor integration

Harbor scans images at push time; Centraleyezer connects to the Harbor API, and for every asset mapped to a project/repository path it pulls the latest artifact vulnerability report — so your registry’s scan results become tracked, risk-scored findings without re-scanning anything.

Scan types imported

  • Container registry image scan results (Trivy-based)
  • OS package and library CVEs per image

API connection

Enter the Harbor host and an account that can read the target projects. The Test button lists every project and repository; each Centraleyezer asset is mapped to one project/repository (stored on the asset), and imports pull that repository’s current vulnerability report.

Configuration

Hostname
Harbor registry host.
Port
Harbor API port — default 443.
Username / Password
A Harbor user or robot account with pull/read permission on the projects.
Remote Identifier
The project/repository path (e.g. team/app) — populated by the Test button.
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Create a robot account in Harbor (Project → Robot Accounts) with read permission, or use a regular Harbor user. The account must be able to list projects, repositories and artifact vulnerabilities.

What gets imported on every run

  • The vulnerability report of each mapped repository’s artifact: CVE ID, severity, CVSSv3 (or v2) score and vector, CWE.
  • Affected package, installed version and fixed version — with an upgrade recommendation generated when a fix exists.

How imported findings are risk-scored

Every Harbor finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Harbor integration live

Book a demo and we’ll connect your Harbor data and walk through risk-based prioritisation on your own findings.

Harbor Integration — Setup & Imported Scan Types