Skip to content

Vulnerability scan

Trivy is installed in Harbor and provides static analysis of vulnerabilities in container images. Project owners can trigger a scan through the web interface. Otherwise, it is run automatically every day after midnight.

After a scan, the list of known vulnerabilities is visible to everyone for public projects. For private projects, it is only visible to the Project Admin. To display a detailed list, click on the project, choose a repository, and then click on the artifact, e.g. sha256:b579d8d7.