Harbor 2.2.0 was just released and comes with some very interesting features.
This post walks you through the newly added features and changes explaining the capabilities. Since the last release of v2.1.0 in September 2020, eleven contributors made 41 changes and resolved 189 issues.
Robot accounts got a complete revamp, now supporting robot accounts on system level.
System-level robot accounts can access to multiple projects.
Robot accounts gained 6 more permissions, permitting now robot accounts to delete resources and manage tags and trigger vulnerability scans.
Selective API access for robot accounts. Additions permissions can be assigned to robot accounts via the API.
The robot account name prefix is now optional. No $ sign is now confusing the shell.
Metrics & Observability
Harbor will now expose performance and system information indicators to provide better observability.
OIDC Admin Group, allows specifying a special privileged admin group for OIDC auth, achieving parity with LDAP auth.
Added support for Aqua CSP Enterprise Vurnability Scanner
Migrate GC/Scan all/Tag Retention and Replication to task manager/scheduler.
Enhance the proxy cache to support Google Container Registry(GCR), Elastic Container Registry(ECR), Azure Container Registry(Azure), Quay.io.
Refine project manage & robot API to support both project ID & Name as indicator.
Deprecate built-in Clair. Users still have the option to install Clair in out-of-tree fashion by pairing with Harbor through its interrogation services framework.
The ChartMuseum is scheduled to be deprecated in a future v2.4.0 release.
API: The /systeminfo API now displays less information when the request is triggered by an unauthenticated user. For details, please refer to the following issue comment:
Scan Report: After upgrading to v2.2, all scan reports in the previous version will be been deleted because of changes in the vulnerability database scheme. You need to re-scan the artifacts to get the reports.