Harbor — Self-Hosted, Open-Source

Cloud native image registry that stores, signs, and scans content.

License: Apache-2.0. Built with: Go, TypeScript, HTML, Python, RobotFramework, Jinja, SCSS, Shell, Go Template, Makefile, JavaScript, Dockerfile, PLpgSQL, CSS. Website: https://goharbor.io/. Source: https://github.com/goharbor/harbor.

Features

  • Cloud native registry: With support for both container images and Helm charts, Harbor serves as registry for cloud native environments like container runtimes and orchestration platforms.
  • Role based access control: Users access different repositories through 'projects' and a user can have different permission for images or Helm charts under a project.
  • Vulnerability Scanning: Harbor scans images regularly for vulnerabilities and has policy checks to prevent vulnerable images from being deployed.
  • LDAP/AD support: Harbor integrates with existing enterprise LDAP/AD for user authentication and management, and supports importing LDAP groups into Harbor that can then be given permissions to specific projects.
  • OIDC support: Harbor leverages OpenID Connect (OIDC) to verify the identity of users authenticated by an external authorization server or identity provider. Single sign-on can be enabled to log into the Harbor portal.
  • Image deletion & garbage collection: System administrators can run garbage collection jobs so that images (dangling manifests and unreferenced blobs) can be deleted and their space can be freed up periodically.
  • Notary: Support signing container images using Docker Content Trust (leveraging Notary) for guaranteeing authenticity and provenance. In addition, policies that prevent unsigned images from being deployed can also be activated.
  • Graphical user portal: User can easily browse, search repositories and manage projects.
  • Auditing: All the operations to the repositories are tracked through logs.
  • RESTful API: RESTful APIs are provided to facilitate administrative operations, and are easy to use for integration with external systems. An embedded Swagger UI is available for exploring and testing the API.

Installation

See official install docs: https://github.com/goharbor/harbor/releases

Why self-host Harbor

Self-hosting gives you three things SaaS can’t: data ownership (the files live on disks you control), cost predictability (a one-time setup vs. recurring per-seat fees that grow with your household or team), and longevity (open-source means the app keeps working even if the maintainers move on, since you can pin a working version). The trade-off is that you take on the operational work of running a server, applying updates, and handling backups.

What hardware do you need

Most self-hosted apps run comfortably on modest hardware — a Raspberry Pi 4, a mini PC, a NAS with Docker support, or a small VPS is usually enough for personal or family use. CPU and RAM requirements scale with how many simultaneous users or how much data you push through Harbor. Storage requirements depend on the kind of data you keep; check the README for guidance on data retention.

Where to go from here

  • Browse the full self-hosted app directory
  • Compare self-hosted alternatives side-by-side
  • DevOps roadmap — learn the skills to run your own server

Last verified: 2026-04-20