# Harbor Integrate Harbor with OX to centralize security findings alongside container, pipeline, cloud, and runtime signals already in OX. OX scans Harbor on a schedule and on demand, enriches findings with OX context (application mapping, workflows, and compliance), and presents a unified queue for investigation and reporting. After you connect, Harbor scan results appear in the Active Issues page (use the filter **Source tool > Harbor**). ## What OX adds * **Context and correlation:** OX maps findings to applications, services, and teams to show impact and ownership. * **Prioritization with severity factors:** OX may reprioritize scanner severities when exploitability and environment context reduce risk (for example, Critical → High). Severity factors explain why the priority changed. * **Evidence at a glance:** When available, OX displays scanner evidence, file locations, and remediation guidance alongside OX analytics to speed triage. ## Connection Methods For general information about connection methods, see[ Connection methods](https://docs.ox.security/get-started/onboarding-to-ox/source-control/connection-methods). Connect to OX with a Harbor username and token. ## Prerequisites **OX** * OX permission to configure connectors **Harbor** * Admin permissions to the Harbor account you want to connect. The account must be a personal account. ## Connect with username and token ### Step 1: Create personal access token \[Harbor] This step has several parts.\ \ **Create Robot Account** 1. Verify the [prerequisites ](#prerequisites)are in place. 2. Log in to your Harbor account. 3. From the left menu pane, select **Robot Accounts**.

4. Select **New Robot Account**. 5. In **Create System Robot Account**, complete the details. * **Name:** Enter a name for the OX account. * **Expiration time:** Enter a value (days) or set to Never (recommended).

6. Select **Next**. **Add permissions** 1. In **Select System Permissions**, select the following permissions: * Project: List * Registry: List and Read

2. Select **Next**. 3. In **Select Project Permissions**, check the box to cover all projects or select the project and select **PERMISSIONS** to add permission for the selected project.

4. On the next screen, scroll and select the following permissions: * **Artifact:** List and Read * **Repository:** List, Pull and Read * **Project:** Read * **Tag:** List

5. Select **Finish**. 6. A success message displays and shows the token name and secret. Save the secret securely. You cannot view it again after this step.\ **Best practice:** Store credentials in a secrets manager and set a reminder to rotate them according to your policy.

### Step 2: Connect OX to Harbor \[OX] 1. Verify the [prerequisites ](#prerequisites)are in place. 2. In OX, go to **Connectors > Registry** and select **Harbor**.

3. Enter the following parameters.

Parameter	Details
Harbor Host URL	The Harbor URL
User Name	The name of the OX user
Password	The Harbor secret
Connection Name	System-generated

4. Select **CONNECT**. OX validates the credentials. 5. In **Configure your Harbor credentials**, select **VERIFY CONNECTIVITY**.\ A green checkmark indicates a successful connection. If verification fails, check your credentials and permissions. **Optional configurations** * To change the images OX scans and monitors, see the section [Change the locations OX scans](#change-the-locations-ox-scans). * To connect more Harbor accounts to the same organization in the OX platform, repeat the process. * For information on the OX Broker, see the article [OX Broker](https://docs.ox.security/get-started/onboarding-to-ox/prerequisites-and-access/ox-broker). ## Change the locations OX scans Once you have a connection, you can change the locations that OX scans and monitors. 1. Use the **Gear** icon at the bottom of the Configuration screen. 2. OX displays the locations or objects that OX scans and monitors. 3. Change the selection as needed. 4. Select **SAVE**.