How to Push and Scan images in Harbor registry

How to Push and Scan images in Harbor registry

harbor_image_push_and_scan

Here in this article we will try to use a sample springboot java project to build an artifact and a docker image which will be further pushed to harbor registry and scanned using trivy.

Test Environment

Fedora 41 server
Harbor v2.12.0

If you are interested in watching the video. Here is the YouTube video on the same step by step procedure outlined below.

Procedure

Step1: Ensure Harbor installed with Trivy

Here in this step ensure that you have Harbor installed and configured with the default Trivy scanner enabled. Follow my blog on “How to setup Harbor registry using Ansible playbook” for the same.

Step2: Build a sample springboot java project docker image

We are going to use a sample springboot based project for this demo. Ensure that you have git and jdk installed on the machine where you will try to clone the project and build it locally.

admin@linuxser:~$ git clone https://github.com/novicejava1/ldapdemo.git
Cloning into 'ldapdemo'...
remote: Enumerating objects: 35, done.
remote: Counting objects: 100% (35/35), done.
remote: Compressing objects: 100% (25/25), done.
remote: Total 35 (delta 0), reused 35 (delta 0), pack-reused 0 (from 0)
Receiving objects: 100% (35/35), 47.15 KiB | 1.96 MiB/s, done.

Build the project artificat using the below command which will generate the jar file in “build/libs” folder as shown below.

admin@linuxser:ldapdemo$ ./gradlew build
admin@linuxser:ldapdemo$ ls -ltr build/libs/ldapdemo-0.0.1-SNAPSHOT.jar 
-rw-r--r--. 1 admin admin 30162769 Nov 23 12:33 build/libs/ldapdemo-0.0.1-SNAPSHOT.jar

Now we can run our application using the below command and the application will be accessible at the URL mentioned below.

admin@linuxser:ldapdemo$ ./gradlew bootRun
URL - http://linuxser.stack.com:8080/login

The below script will help you to build the docker image as shown below.

admin@linuxser:~/ldapdemo$ ./docker-build.sh 
admin@linuxser:~/ldapdemo$ docker images
REPOSITORY                               TAG       IMAGE ID       CREATED         SIZE
ldapdemo                                 0.0.1     68c2cabf5b5b   5 seconds ago   356MB

Step3: Create Project in Harbor

In this step we are going to create a new public project named “stack” as shown below.

Step4: Push Docker Image

Once the docker image is built and the new project is created in the harbor portal we are ready to push the image to the harbor registry.

Before that ensure that you are able to connect to the registy using “docker login” as shown below.

admin@linuxser:~/ldapdemo$ docker login linuxser.stack.com
Authenticating with existing credentials...
WARNING! Your password will be stored unencrypted in /home/admin/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credential-stores

Login Succeeded

Once the registry connection is successfull, you can tag the image with /: name as shown below.

admin@linuxser:~/ldapdemo$ docker tag ldapdemo:0.0.1 linuxser.stack.com/stack/ldapdemo:0.0.1
admin@linuxser:~/ldapdemo$ docker images
REPOSITORY                               TAG       IMAGE ID       CREATED         SIZE
ldapdemo                                 0.0.1     68c2cabf5b5b   4 minutes ago   356MB
linuxser.stack.com/stack/ldapdemo        0.0.1     68c2cabf5b5b   4 minutes ago   356MB

Now we are ready to push the image with the new tag name to the registry as shown below.

admin@linuxser:~/ldapdemo$ docker push linuxser.stack.com/stack/ldapdemo:0.0.1
The push refers to repository [linuxser.stack.com/stack/ldapdemo]
f67301ff3e1e: Pushed 
580b226245af: Pushed 
34f7184834b2: Pushed 
5836ece05bfd: Pushed 
72e830a4dff5: Pushed 
0.0.1: digest: sha256:306b7821379cca5778f5a22aa1fc3c7ee8e12b7349a5eb89dbfed178d6e94444 size: 1371

Step4: Validate Harbor registry

Here you can check the image in the project “stack” that we created and see that the pushed image is available now.

Step5: Scan Image

When we install Harbor with Trivy scanner we can scan our images using it. We can also check the list of scanner and their health status as shown below in Interrogation Services as shown below.

Go to – Projects – stack – stack/ldapdemo repository from the list. You can scan the selected image using trivy by clicking on the “SCAN VULNERABILITY” button on the top as shown in screenshot below.

You can also validate the scan results by getting into the Interrogation Services and filter your repository for the list of CVE’s as shown below.

Hope you enjoyed reading this article. Thank you..