Harbor Plugin from Prisma Cloud Consolidates Vulnerability Data

Feb 17, 2021
3 minutes
... views

Prisma Cloud customers often use Harbor, an open source registry, to store their container images as part of the application continuous delivery pipeline. In addition to storing images, Harbor also supports image vulnerability scanning via pluggable scanners, so users have full visibility into image components and can mitigate risks before deployment.

We are excited to share that Prisma Cloud, in collaboration with the Harbor community, has released an easy-to-integrate, pluggable vulnerability scanner, allowing DevOps teams to view image vulnerability results within the Harbor UI.

Here are four of the top reasons why you should consider integrating the Prisma Cloud pluggable scanner with your Harbor registry today!

 

1. Scan Before You Deploy

If ‘shift-left’ is not on your radar yet, it most definitely should be. It simply means adding security checks as early as feasible in application development. This gives application owners visibility into any known vulnerabilities before deployment and helps ensure that only secure and trusted images are deployed to production.

With the Prisma Cloud Harbor integration, users can easily identify vulnerable images in the Harbor registry itself, without having to log into a different console or UI. All data is available for automated security reports directly in your registry.

Vulnerability scan results from Prisma Cloud shown in the Harbor UI
Vulnerability scan results from Prisma Cloud shown in the Harbor UI

 

2. Continuously Updated Threat Data

Prisma Cloud image scans are powered by Intelligence Stream, a real-time threat feed that contains vulnerability data and threat intelligence from commercial providers, our Unit 42 threat research team, and the open source community. With new vulnerabilities discovered each day, this stream is continuously updated so that you automatically have the latest thread feed available for your image scans.

The scanner connects to the Prisma Cloud Console, which uses this intelligence feed to match images in your registry against the latest vulnerability data..

Prisma Cloud Intelligence Stream vulnerability data displayed in Harbor
Prisma Cloud Intelligence Stream vulnerability data displayed in Harbor

 

3. Ease of Integration

To integrate with the pluggable scanner, it's as easy as Ctrl+C and Ctrl+V.

Simply take these three steps -

  1. Add Harbor registry to your Compute Console as part of your initial setup.
  2. Copy the URL for the pluggable scanner
  3. Add it as an Interrogation service in your Harbor registry.

Your scanner is now ready to scan any and all of your repositories. You can choose to scan either specific images or all of the images in your registry.

Adding Prisma Cloud as an image scanner in Harbor
Adding Prisma Cloud as an image scanner in Harbor

 

4. End-to-End Security

Combining the capabilities from Harbor with extensive runtime capabilities in Prisma Cloud, such as blocking ‘untrusted’ images from initializing in your hosts, can provide a full end-to-end security model for your organization.

Scheduling Prisma Cloud vulnerability scans from the Harbor UI
Scheduling Prisma Cloud vulnerability scans from the Harbor UI

 

Begin Using Prisma Cloud with Harbor

For detailed set up instructions, you can check out our technical documentation for existing users. Or if you're not using Prisma Cloud yet, take a look at our product page for cloud workload protection.

 


Subscribe to Cloud Native Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.