HarborGuard Documentation
HarborGuard is a container vulnerability scanning platform that unifies six open-source scanners (Trivy, Grype, Syft, Dockle, OSV-Scanner, Dive) behind one API and one dashboard. It produces vulnerability findings, SBOMs, license inventories, and audit-ready compliance evidence packs across every registry in your supply chain.
Get started in 5 minutes
- Sign in to your workspace at harborguard.co. The first user in a new organization becomes the owner.
- Connect a registry — Docker Hub, ECR, GCR, ACR, GHCR, GitLab, Harbor, JFrog, Quay, Nexus, or any OCI-compliant registry.
- Trigger a scan from the UI, the REST API, or your CI pipeline.
- Review findings — vulnerabilities ranked by exploitability (CVSS, EPSS, KEV), grouped by image, package, and SLA status.
- Export evidence — generate compliance packs (SOC 2, PCI-DSS, NIST, HIPAA, FedRAMP, ISO 27001, CMMC, CIS Docker) on demand.
Documentation map
Platform basics
- Getting Started: First scan, core concepts, and glossary for new HarborGuard users.
- Scanning: How scans run, scanner selection, and scheduling across the pipeline.
- Registries: Connecting and managing image sources across every supported provider.
- Sensors: Air-gapped and on-prem scanning agents for restricted networks.
Findings and remediation
- Vulnerabilities: Triage workflow, SLA policies, and attestations for risk acceptance.
- CVE Intelligence: NVD, OSV, GitHub Advisories, CISA KEV, and EPSS aggregation.
- Compliance: Frameworks, controls, and audit-ready evidence packs on demand.
Operations
- Organization: Members, roles, SSO, and the immutable audit log.
- Notifications: Email, Slack, PagerDuty, and webhooks with circuit-breaker routing.
- Billing: Plans, seats, and invoice history for your organization.
Reference
- API Reference: REST endpoints, authentication, pagination, and rate limits.
- Trust & Security: Certifications, sub-processors, data protection, and disclosure policy.
- Changelog: Release history and notable platform updates.
Looking for the API? Jump to the API reference index for authentication, pagination, and the full endpoint catalog.