Harbor is an open-source, cloud native registry that secures artifacts (Docker Images, Helm Charts) with policies and role-based access control, ensures images are scanned and free from vulnerabilities, and signs images as trusted. Harbor, a CNCF Graduated project, delivers compliance, performance, and interoperability to help you consistently and securely manage artifacts across cloud native compute platforms like Kubernetes and Docker.
Harbour runs as docker containers and needs docker engine and docker-compose.
It also needs openSSL to sign the docker images, generate certificates and keys
Harbour releases can be found here - https://github.com/goharbor/harbor/releases
There is a demo harbour website you can try , you need to first sign up and start test trial.
One can arrange artifacts under projects as below,
Under the projects(click projects) you can find the docker images and helm charts for that project.
Scanners can be configured to scan the docker images for vulnerabilities, More info here.
A summary of the artifacts can be found here,
While integrating with Kubernetes clusters you need to configure SSH keys in the secret object and access the docker images and helm charts.