# Harbor

Integrate Harbor with OX to centralize security findings alongside container, pipeline, cloud, and runtime signals already in OX.

OX scans Harbor on a schedule and on demand, enriches findings with OX context (application mapping, workflows, and compliance), and presents a unified queue for investigation and reporting.

After you connect, Harbor scan results appear in the Active Issues page (use the filter **Source tool > Harbor**).

## What OX adds

* **Context and correlation:** OX maps findings to applications, services, and teams to show impact and ownership.
* **Prioritization with severity factors:** OX may reprioritize scanner severities when exploitability and environment context reduce risk (for example, Critical → High). Severity factors explain why the priority changed.
* **Evidence at a glance:** When available, OX displays scanner evidence, file locations, and remediation guidance alongside OX analytics to speed triage.

## Connection Methods

For general information about connection methods, see[ Connection methods](/get-started/onboarding-to-ox/source-control/connection-methods.md).

Connect to OX with a Harbor username and token.

## Prerequisites

**OX**

* OX permission to configure connectors

**Harbor**

* Admin permissions to the Harbor account you want to connect. The account must be a personal account.

## Connect with username and token

### Step 1: Create personal access token \[Harbor]

This step has several parts.\
\
**Create Robot Account**

1. Verify the [prerequisites ](#prerequisites)are in place.
2. Log in to your Harbor account.
3. From the left menu pane, select **Robot Accounts**.<br>

   <figure><img src="/files/RCKIVP8cJw9duJlllS9l" alt=""><figcaption></figcaption></figure>
4. Select **New Robot Account**.
5. In **Create System Robot Account**, complete the details.
   * **Name:** Enter a name for the OX account.
   * **Expiration time:** Enter a value (days) or set to Never (recommended).<br>

     <div align="left"><figure><img src="/files/FTjC64Tjswdlhk4oLmyh" alt="" width="563"><figcaption></figcaption></figure></div>
6. Select **Next**.

**Add permissions**

1. In **Select System Permissions**, select the following permissions:

   * Project: List
   * Registry: List and Read

   <div align="left"><figure><img src="/files/sAlcatOScjHTbkemMuvy" alt="" width="563"><figcaption></figcaption></figure></div>
2. Select **Next**.
3. In **Select Project Permissions**, check the box to cover all projects or select the project and select **PERMISSIONS** to add permission for the selected project.<br>

   <div align="left"><figure><img src="/files/2mGQORdKGmeW62FmpVVU" alt=""><figcaption></figcaption></figure></div>
4. On the next screen, scroll and select the following permissions:
   * **Artifact:** List and Read
   * **Repository:** List, Pull and Read
   * **Project:** Read
   * **Tag:** List<br>

     <div align="left"><figure><img src="/files/rwJZcYOKZ4JZCDFXHeI5" alt="" width="563"><figcaption></figcaption></figure></div>
5. Select **Finish**.
6. A success message displays and shows the token name and secret. Save the secret securely. You cannot view it again after this step.\
   **Best practice:** Store credentials in a secrets manager and set a reminder to rotate them according to your policy.<br>

   <div align="left"><figure><img src="/files/lQDi2y5Sn7ZXdcxvcpjW" alt="" width="563"><figcaption></figcaption></figure></div>

### Step 2: Connect OX to Harbor \[OX]

1. Verify the [prerequisites ](#prerequisites)are in place.
2. In OX, go to **Connectors > Registry** and select **Harbor**.<br>

   <div align="left"><figure><img src="/files/OnciBpoIDWy9v1yjv6t9" alt="" width="362"><figcaption></figcaption></figure></div>
3. Enter the following parameters.

<table><thead><tr><th width="225.20001220703125" valign="top">Parameter</th><th width="265.19989013671875" valign="top">Details</th></tr></thead><tbody><tr><td valign="top">Harbor Host URL</td><td valign="top">The Harbor URL</td></tr><tr><td valign="top">User Name</td><td valign="top">The name of the OX user</td></tr><tr><td valign="top">Password</td><td valign="top">The Harbor secret</td></tr><tr><td valign="top">Connection Name</td><td valign="top">System-generated</td></tr></tbody></table>

4. Select **CONNECT**. OX validates the credentials.
5. In **Configure your Harbor credentials**, select **VERIFY CONNECTIVITY**.\
   A green checkmark indicates a successful connection. If verification fails, check your credentials and permissions.

**Optional configurations**

* To change the images OX scans and monitors, see the section [Change the locations OX scans](#change-the-locations-ox-scans).
* To connect more Harbor accounts to the same organization in the OX platform, repeat the process.
* For information on the OX Broker, see the article [OX Broker](/get-started/onboarding-to-ox/prerequisites-and-access/ox-broker.md).

## Change the locations OX scans

Once you have a connection, you can change the locations that OX scans and monitors.

1. Use the **Gear** icon at the bottom of the Configuration screen.
2. OX displays the locations or objects that OX scans and monitors.
3. Change the selection as needed.
4. Select **SAVE**.

<div align="left"><figure><img src="/files/jffnn3K9mCPbTgdiiHHu" alt="" width="563"><figcaption></figcaption></figure></div>

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ox.security/ox-integrations/3rd-party-integrations/registry/harbor.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.