The Open Container Initiative (OCI) has announced the general availability of Harbor 2.0. The latest release makes it the first OCI-compliant open-source registry capable of storing cloud-native artifacts such as container images, Helm charts, OPAs, and Singularity. In addition, it enables pulling, pushing, deleting, tagging replicating and scanning artifacts.

“Although Harbor is now OCI-compliant, existing users should not worry; all of the familiar operations and key benefits of Harbor translate well to OCI. You can push, pull, delete, retag, copy, scan, and sign indexes just like you’ve been able to do with images. Vulnerability scanning and project policies, key ingredients to enforcing security and compliance, have been revamped to work with OCI artifacts. We also provided a new, key capability: you now have the ability to delete an image tag without deleting the underlying manifest and all other associated image tags. You can also view untagged images, and have the option to exclude them from being garbage-collected,” the Harbor team wrote in a blog post.

Notable key features include:

  • Trivy as the default vulnerability scanner
  • TLS between Harbor components for more secure intra-components traffic  
  • Ability to configure SSL for core Harbor services
  • Webhook enhancements such as interaction with Slack and multiple endpoint support
  • Enhanced robot account 
  • Improved error handling framework
  • Ability to view untagged images in UI
  • Ability to selectively delete tags from an image without deleting the image digest or associated tags. 

More information is available here.