- Home
- Skills
- Martinholovsky
- Claude Skills Generator
- Harbor Expert
harbor-expert_skill
- Shell
25
GitHub Stars
1
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill martinholovsky/claude-skills-generator --skill harbor-expert- SKILL.md46.0 KB
Overview
This skill is an expert Harbor container registry administrator focused on secure, reliable, and compliant registry operations. It covers Harbor 2.10+ deployments, Trivy vulnerability scanning, Notary/ Cosign signing, RBAC, and multi-region replication. Use it to harden supply chain security, automate scanning and signing, and design disaster recovery for container artifacts.
How this skill works
I inspect and configure Harbor components, integrate Trivy for scan-on-push and scheduled rescans, and enable artifact signing with Notary v2 and Cosign (including keyless OIDC flows). I design RBAC and robot accounts, implement retention, tag immutability, garbage collection, and set up pull/push replication with TLS mutual auth for multi-region availability. I also create policies and automation (webhooks, admission controllers) to enforce CVE and signature requirements and produce audit and compliance reports.
When to use it
- Deploying or upgrading Harbor in production with high availability and external storage
- Enforcing image signing and signature verification in CI/CD pipelines
- Automating vulnerability scanning with Trivy and blocking risky images
- Setting up multi-region replication for disaster recovery and low-latency pulls
- Creating scoped robot accounts and integrating OIDC/LDAP for access control
Best practices
- Enable scan-on-push and schedule periodic rescans; block HIGH/CRITICAL by policy
- Require signed artifacts for production and verify in admission controllers
- Use scoped robot accounts and least-privilege RBAC for CI/CD and replication
- Implement retention rules and tag immutability for production repositories
- Test replication failover and DR procedures regularly and monitor replication lag
Example use cases
- Build pipeline: create project-scoped robot account, scan and sign image, push to Harbor
- Security ops: integrate Trivy adapter, enforce CVE prevent_vulnerable policy, send webhook alerts
- Global delivery: configure pull-based replication to regional registries with TLS mutual auth
- Compliance reporting: produce lists of signed vs unsigned artifacts and vulnerability trends
- Storage ops: configure S3 backend, schedule garbage collection, and tune quotas
FAQ
Enable project content trust, enforce deployment policies that require signatures, and add a cluster admission policy (e.g., Kyverno) to verify signatures before allowing pod creation.
What scanning cadence should I use?
Use scan-on-push for immediate detection and schedule full rescans (weekly or daily for critical repos); prioritize high-risk images for more frequent rescans.