Skip to content

Latest commit

 

History

History
315 lines (288 loc) · 35.8 KB

mitigations.md

File metadata and controls

315 lines (288 loc) · 35.8 KB

Mitigation Strategies Analysis for goharbor/harbor

Mitigation Strategy: Enforce Mandatory Image Scanning

  • Mitigation Strategy: Enforce Mandatory Image Scanning
  • Description:
    1. Enable Vulnerability Scanning in Harbor: Navigate to Harbor's project settings and enable vulnerability scanning for relevant projects.
    2. Configure Harbor Scanner: Within Harbor's system settings, select and configure a vulnerability scanner (e.g., Trivy, Clair). Ensure proper integration and functionality.
    3. Set Harbor Scan Policy: Define a scan policy at the project or system level in Harbor. This policy should automatically trigger scans upon image push to Harbor.
    4. Define Harbor Block Policy (Optional but Recommended): Configure a vulnerability severity threshold within Harbor's vulnerability policies. Set a policy to prevent pushing or pulling images exceeding this threshold directly within Harbor.
    5. Integrate Harbor Scanning API with CI/CD: Utilize Harbor's vulnerability scanning API in the CI/CD pipeline. Before pushing images to Harbor, trigger a scan via the API and fail the pipeline if vulnerabilities exceed the defined threshold, preventing vulnerable images from being pushed to Harbor in the first place.
  • Threats Mitigated:
    • Vulnerable Container Images (High Severity): Deploying applications with known vulnerabilities present in container images stored in Harbor.
    • Supply Chain Attacks (Medium Severity): Compromised base images or dependencies introduced through vulnerable layers in container images managed by Harbor.
  • Impact:
    • Vulnerable Container Images (High Impact): Significantly reduces the risk by proactively identifying and preventing the deployment of vulnerable images stored and managed in Harbor.
    • Supply Chain Attacks (Medium Impact): Reduces the risk by identifying vulnerabilities in base images and dependencies within Harbor, allowing for remediation before deployment from Harbor.
  • Currently Implemented:
    • Vulnerability scanning is enabled in development and staging projects within Harbor using the Trivy scanner.
    • Basic scan policy is configured to scan on push in development and staging projects in Harbor.
    • Integration with CI/CD pipeline for vulnerability scanning using Harbor's API is implemented for the staging environment.
  • Missing Implementation:
    • Mandatory vulnerability scanning is not enforced in the production project within Harbor.
    • Block policy based on vulnerability severity is not configured in any environment within Harbor.
    • CI/CD pipeline integration for vulnerability scanning using Harbor's API is missing for the production environment.

Mitigation Strategy: Regularly Update Vulnerability Scanners in Harbor

  • Mitigation Strategy: Regularly Update Vulnerability Scanners in Harbor
  • Description:
    1. Monitor Harbor Scanner Updates: Subscribe to security advisories and release notes specifically for the vulnerability scanner integrated with Harbor (e.g., Trivy, Clair).
    2. Establish Harbor Scanner Update Schedule: Define a regular schedule for updating the vulnerability scanner within Harbor (e.g., monthly, quarterly).
    3. Automate Harbor Scanner Updates (If Possible): Explore if Harbor or the scanner provides automated update mechanisms. If available, configure and enable them within Harbor.
    4. Manual Harbor Scanner Update Procedure: If automation is not available, document a manual procedure for updating the scanner within Harbor. This should include steps to download the latest scanner version compatible with Harbor, replace the existing scanner within Harbor's configuration, and verify the update through Harbor's UI or API.
    5. Testing After Harbor Scanner Update: After each update within Harbor, perform basic testing through Harbor's interface to ensure the scanner is functioning correctly and integrated with Harbor as expected.
  • Threats Mitigated:
    • Outdated Vulnerability Definitions (Medium Severity): Using outdated vulnerability definitions in Harbor's scanner leads to missed detection of newly discovered vulnerabilities in images stored in Harbor.
    • Scanner Vulnerabilities (Low to Medium Severity): Vulnerability scanners integrated with Harbor can themselves have vulnerabilities. Keeping them updated patches these vulnerabilities and reduces the risk of scanner compromise within the Harbor environment.
  • Impact:
    • Outdated Vulnerability Definitions (Medium Impact): Significantly reduces the risk of missing new vulnerabilities in Harbor by ensuring the scanner has the latest vulnerability information within Harbor.
    • Scanner Vulnerabilities (Low to Medium Impact): Reduces the risk of scanner compromise within Harbor, maintaining the integrity of the vulnerability scanning process within Harbor.
  • Currently Implemented:
    • Manual updates of the Trivy scanner within Harbor are performed quarterly.
    • Procedure for manual scanner update within Harbor is documented.
  • Missing Implementation:
    • Automated scanner updates within Harbor are not implemented.
    • No formal monitoring of scanner updates or security advisories for the Harbor-integrated scanner is in place.
    • Testing after scanner updates within Harbor is not formally documented or consistently performed.

Mitigation Strategy: Implement Multi-Factor Authentication (MFA) in Harbor

  • Mitigation Strategy: Implement Multi-Factor Authentication (MFA) in Harbor
  • Description:
    1. Choose Harbor Supported MFA Method: Select an MFA method supported by Harbor (e.g., TOTP via Google Authenticator, U2F/WebAuthn) within Harbor's authentication settings.
    2. Enable MFA in Harbor Configuration: Configure Harbor to enable MFA through its authentication settings.
    3. User Enrollment Guidance for Harbor MFA: Provide clear instructions and support to Harbor users on how to enroll in MFA within their Harbor user profiles, for their chosen MFA method.
    4. Enforce Harbor MFA for Admins: Mandate MFA for all Harbor administrators and privileged accounts through Harbor's user management policies.
    5. Consider Enforcing Harbor MFA for All Users: Evaluate the feasibility and impact of enforcing MFA for all Harbor users to maximize security of access to Harbor.
    6. Regularly Review Harbor MFA Configuration: Periodically review the MFA configuration and user enrollment within Harbor to ensure it is correctly implemented and maintained within the Harbor system.
  • Threats Mitigated:
    • Credential Compromise for Harbor Accounts (High Severity): Compromised user credentials (usernames and passwords) for Harbor accounts due to phishing, password reuse, or weak passwords, leading to unauthorized access to Harbor.
    • Unauthorized Access to Harbor (High Severity): Unauthorized users gaining access to Harbor and its resources due to compromised Harbor credentials.
  • Impact:
    • Credential Compromise for Harbor Accounts (High Impact): Drastically reduces the risk of unauthorized access to Harbor even if passwords are compromised, as a second factor is required for Harbor login.
    • Unauthorized Access to Harbor (High Impact): Significantly reduces the likelihood of unauthorized access to Harbor by adding a strong barrier beyond just passwords for Harbor accounts.
  • Currently Implemented:
    • MFA using TOTP is enabled in Harbor.
    • MFA is mandatory for all Harbor administrators within Harbor.
    • Documentation for user MFA enrollment in Harbor is available.
  • Missing Implementation:
    • MFA is not enforced for regular developer users accessing Harbor.
    • U2F/WebAuthn MFA method is not configured or offered within Harbor.
    • Regular review of MFA configuration and user enrollment within Harbor is not formally scheduled.

Mitigation Strategy: Utilize Harbor Role-Based Access Control (RBAC) Effectively

  • Mitigation Strategy: Utilize Harbor Role-Based Access Control (RBAC) Effectively
  • Description:
    1. Define Harbor Roles: Clearly define roles within Harbor that align with user responsibilities and access needs within the context of Harbor projects and resources (e.g., Project Admin, Developer, Read-Only User within Harbor).
    2. Assign Least Privilege in Harbor: Grant users and groups within Harbor only the minimum necessary permissions required to perform their tasks within Harbor projects. Avoid assigning overly broad roles in Harbor.
    3. Project-Level RBAC in Harbor: Leverage Harbor's project-level RBAC to control access to specific projects and their resources (images, repositories, etc.) within Harbor.
    4. Regularly Review Harbor Permissions: Establish a schedule to regularly review user roles and permissions within Harbor projects. Identify and remove any unnecessary or excessive permissions granted within Harbor.
    5. Automate Harbor RBAC Management (If Possible): Explore options for automating RBAC management within Harbor, such as integrating with identity providers or using scripts to manage roles and permissions in Harbor.
    6. Audit Harbor RBAC Changes: Enable audit logging for RBAC changes within Harbor to track who made changes and when within the Harbor system.
  • Threats Mitigated:
    • Unauthorized Access to Harbor Resources (Medium to High Severity): Users gaining access to Harbor resources (images, repositories, projects) they are not authorized to access, potentially leading to data breaches, modifications, or disruptions within Harbor.
    • Privilege Escalation within Harbor (Medium Severity): Users with lower privileges potentially gaining higher privileges within Harbor due to misconfigured RBAC, leading to unauthorized actions within Harbor.
    • Insider Threats within Harbor (Medium Severity): Malicious insiders or compromised accounts with excessive permissions within Harbor can cause significant damage to the Harbor system and its managed resources.
  • Impact:
    • Unauthorized Access to Harbor Resources (Medium to High Impact): Significantly reduces the risk by enforcing access control within Harbor and limiting user permissions to only what is necessary within Harbor projects.
    • Privilege Escalation within Harbor (Medium Impact): Reduces the risk by ensuring clear role definitions and least privilege principles are applied within Harbor's RBAC system.
    • Insider Threats within Harbor (Medium Impact): Mitigates the potential damage from insider threats within Harbor by limiting the scope of access for each user within the Harbor environment.
  • Currently Implemented:
    • RBAC is enabled in Harbor.
    • Basic roles (Project Admin, Developer, Read-Only) are used within Harbor.
    • Project-level RBAC is configured for all projects within Harbor.
  • Missing Implementation:
    • More granular roles are not defined within Harbor to further restrict permissions.
    • Regular review of user permissions within Harbor is not formally scheduled.
    • Automation of RBAC management within Harbor is not implemented.
    • Audit logging for RBAC changes within Harbor is not enabled.

Mitigation Strategy: Configure Harbor to Use HTTPS for All Communication

  • Mitigation Strategy: Configure Harbor to Use HTTPS for All Communication
  • Description:
    1. Obtain TLS Certificates for Harbor: Acquire valid TLS certificates from a trusted Certificate Authority (CA) or use internally generated certificates if appropriate for the environment specifically for your Harbor instance.
    2. Configure Harbor for HTTPS: Configure Harbor's ingress controller (Nginx or Traefik) to use HTTPS for all communication. This involves configuring the ingress controller within your Harbor deployment to utilize the obtained TLS certificates. Refer to Harbor's documentation for specific configuration steps based on your deployment method.
    3. Enforce HTTPS Redirection in Harbor: Configure Harbor's ingress controller to automatically redirect all HTTP requests to HTTPS, ensuring all connections to Harbor are encrypted.
    4. HSTS Configuration for Harbor (Recommended): Enable HTTP Strict Transport Security (HSTS) in Harbor's ingress controller configuration to instruct browsers to always use HTTPS when interacting with Harbor in the future.
    5. Verify Harbor HTTPS Configuration: Test the Harbor web UI, API, and image registry endpoints to confirm that they are only accessible via HTTPS and that the TLS certificate presented by Harbor is valid and trusted.
  • Threats Mitigated:
    • Man-in-the-Middle (MITM) Attacks on Harbor Communication (High Severity): Attackers intercepting communication between clients and Harbor to eavesdrop on sensitive data (Harbor credentials, image data) or modify traffic to/from Harbor.
    • Data Eavesdropping on Harbor Traffic (High Severity): Sensitive data transmitted in plaintext over HTTP to/from Harbor can be intercepted and read by attackers.
    • Session Hijacking of Harbor Sessions (Medium Severity): Attackers intercepting unencrypted session cookies used for Harbor sessions to hijack user sessions and gain unauthorized access to Harbor.
  • Impact:
    • Man-in-the-Middle (MITM) Attacks on Harbor Communication (High Impact): Effectively prevents MITM attacks on communication with Harbor by encrypting all traffic, making it extremely difficult for attackers to intercept and modify traffic to/from Harbor.
    • Data Eavesdropping on Harbor Traffic (High Impact): Eliminates the risk of data eavesdropping on communication with Harbor by encrypting all data in transit to/from Harbor.
    • Session Hijacking of Harbor Sessions (Medium Impact): Significantly reduces the risk of session hijacking of Harbor sessions by protecting session cookies with encryption for Harbor communication.
  • Currently Implemented:
    • HTTPS is configured for Harbor using TLS certificates from Let's Encrypt.
    • HTTPS redirection from HTTP is enabled for Harbor.
  • Missing Implementation:
    • HSTS is not configured in Harbor's ingress controller.
    • Formal verification of Harbor's HTTPS configuration and certificate validity is not regularly performed.

Mitigation Strategy: Regularly Review Harbor Configuration

  • Mitigation Strategy: Regularly Review Harbor Configuration
  • Description:
    1. Establish Review Schedule: Define a regular schedule (e.g., quarterly, semi-annually) to review Harbor's configuration settings.
    2. Document Baseline Configuration: Document the intended and secure baseline configuration for Harbor.
    3. Configuration Review Process: Systematically review all relevant Harbor configuration settings (authentication, authorization, vulnerability scanning, network settings, etc.) against the documented baseline.
    4. Identify Misconfigurations: Identify any deviations from the baseline configuration or any settings that introduce security weaknesses in Harbor.
    5. Remediate Misconfigurations: Correct any identified misconfigurations and apply necessary security hardening settings within Harbor.
    6. Update Documentation: Update the baseline configuration documentation to reflect any changes made during the review process.
  • Threats Mitigated:
    • Misconfiguration Vulnerabilities in Harbor (Medium to High Severity): Security weaknesses introduced due to incorrect or insecure configuration of Harbor settings, potentially leading to unauthorized access, data breaches, or service disruptions.
    • Configuration Drift (Medium Severity): Gradual deviation from a secure baseline configuration over time, increasing the attack surface of Harbor.
  • Impact:
    • Misconfiguration Vulnerabilities in Harbor (Medium to High Impact): Reduces the risk of vulnerabilities arising from misconfigurations by proactively identifying and correcting them.
    • Configuration Drift (Medium Impact): Prevents configuration drift by regularly reviewing and enforcing the intended secure configuration of Harbor.
  • Currently Implemented:
    • Informal reviews of Harbor configuration are performed ad-hoc.
  • Missing Implementation:
    • No formal schedule for reviewing Harbor configuration is established.
    • Baseline configuration documentation for Harbor is not maintained.
    • Systematic configuration review process for Harbor is not defined or implemented.

Mitigation Strategy: Keep Harbor Updated

  • Mitigation Strategy: Keep Harbor Updated
  • Description:
    1. Monitor Harbor Releases: Subscribe to Harbor's release announcements, security advisories, and update notifications (e.g., via GitHub, mailing lists).
    2. Establish Update Schedule for Harbor: Define a schedule for applying Harbor updates, prioritizing security updates and patches.
    3. Test Updates in Non-Production: Before applying updates to production, thoroughly test them in a non-production (staging) Harbor environment to identify and resolve any compatibility issues or regressions.
    4. Apply Updates to Production Harbor: Apply tested updates to the production Harbor environment following a documented change management process.
    5. Verify Update Success: After applying updates, verify that Harbor is functioning correctly and that the update was successful.
  • Threats Mitigated:
    • Known Vulnerabilities in Harbor Software (High Severity): Exploitation of known vulnerabilities in outdated versions of Harbor software, potentially leading to complete compromise of the Harbor instance and its managed resources.
    • Lack of Security Patches (High Severity): Remaining vulnerable to publicly disclosed vulnerabilities for which patches are available in newer Harbor versions.
  • Impact:
    • Known Vulnerabilities in Harbor Software (High Impact): Significantly reduces the risk of exploitation of known vulnerabilities by promptly patching Harbor software.
    • Lack of Security Patches (High Impact): Ensures that Harbor is protected against known vulnerabilities by applying security patches in a timely manner.
  • Currently Implemented:
    • Harbor updates are applied reactively when major issues are encountered or new features are needed.
  • Missing Implementation:
    • No proactive monitoring of Harbor releases or security advisories is in place.
    • Formal update schedule for Harbor is not defined.
    • Testing of Harbor updates in a non-production environment is not consistently performed.
    • Documented change management process for Harbor updates is missing.

Mitigation Strategy: Implement Image Allowlisting/Blocklisting in Harbor

  • Mitigation Strategy: Implement Image Allowlisting/Blocklisting in Harbor
  • Description:
    1. Define Allowlist/Blocklist Criteria: Determine criteria for allowlisting (approved images/base images) and blocklisting (known vulnerable or prohibited images/components) within Harbor. This can be based on image names, tags, labels, or vulnerability scan results within Harbor.
    2. Utilize Harbor Image Labels and Tags: Leverage Harbor's image label and tag features to categorize and manage images for allowlisting and blocklisting.
    3. Implement Harbor Policies (If Available): Explore if Harbor provides policy features (e.g., OPA integration or built-in policies) to enforce allowlists and blocklists based on defined criteria.
    4. Integrate with CI/CD Pipeline: Integrate allowlist/blocklist checks into the CI/CD pipeline, potentially using Harbor's API or command-line tools, to prevent pushing or pulling non-compliant images to/from Harbor.
    5. Regularly Review and Update Lists: Establish a process to regularly review and update the allowlists and blocklists based on evolving security threats and organizational requirements within Harbor.
  • Threats Mitigated:
    • Use of Unapproved Images (Medium Severity): Developers or automated processes using container images that are not vetted or approved by security, potentially introducing vulnerabilities or non-compliant software.
    • Use of Known Vulnerable Images (Medium to High Severity): Accidental or intentional deployment of images known to contain vulnerabilities, even if vulnerability scanning is in place, if there's no enforcement mechanism to prevent their use in Harbor.
  • Impact:
    • Use of Unapproved Images (Medium Impact): Reduces the risk by guiding users towards approved and vetted images stored in Harbor.
    • Use of Known Vulnerable Images (Medium to High Impact): Provides an additional layer of defense by actively preventing the use of blacklisted vulnerable images within Harbor, even if they pass initial scans.
  • Currently Implemented:
    • Informal allowlisting of base images is communicated to development teams.
  • Missing Implementation:
    • Formal allowlists and blocklists are not defined or implemented within Harbor.
    • Harbor's image labels and tags are not systematically used for allowlisting/blocklisting purposes.
    • Policy enforcement for allowlists/blocklists within Harbor is not implemented.
    • CI/CD pipeline integration for allowlist/blocklist checks against Harbor is missing.
    • Regular review and update process for lists is not established.

Mitigation Strategy: Enforce Strong Password Policies in Harbor

  • Mitigation Strategy: Enforce Strong Password Policies in Harbor
  • Description:
    1. Configure Harbor Password Policies: Utilize Harbor's user management settings to configure strong password policies. This includes setting requirements for password complexity (minimum length, character types), password expiration, and password reuse prevention within Harbor.
    2. Communicate Password Policies to Harbor Users: Clearly communicate the enforced password policies to all Harbor users. Educate them on the importance of strong passwords and secure account management for their Harbor accounts.
    3. Regularly Review and Update Policies: Periodically review and update Harbor's password policies to ensure they remain aligned with current security best practices and organizational requirements.
  • Threats Mitigated:
    • Weak Passwords for Harbor Accounts (High Severity): Users choosing weak or easily guessable passwords for their Harbor accounts, making them vulnerable to brute-force attacks and credential stuffing.
    • Password Reuse for Harbor Accounts (Medium Severity): Users reusing passwords across multiple accounts, including their Harbor account, increasing the risk of compromise if one account is breached.
  • Impact:
    • Weak Passwords for Harbor Accounts (High Impact): Reduces the risk of successful password-based attacks against Harbor accounts by forcing users to choose stronger passwords.
    • Password Reuse for Harbor Accounts (Medium Impact): Mitigates the risk associated with password reuse for Harbor accounts by encouraging or enforcing unique passwords.
  • Currently Implemented:
    • Basic password complexity requirements are enabled in Harbor.
  • Missing Implementation:
    • Password expiration policies are not configured in Harbor.
    • Password reuse prevention is not configured in Harbor.
    • Communication of password policies to Harbor users is informal.
    • Regular review and update of Harbor password policies is not scheduled.

Mitigation Strategy: Secure API Access to Harbor

  • Mitigation Strategy: Secure API Access to Harbor
  • Description:
    1. Restrict API Access in Harbor: Configure Harbor's network policies or firewall rules to restrict access to Harbor's API endpoints to only authorized users, systems, and networks.
    2. Use API Keys/Tokens for Authentication: Enforce the use of API keys or tokens for authentication when accessing Harbor's API programmatically. Avoid using username/password authentication for API access.
    3. Implement RBAC for API Access: Leverage Harbor's RBAC system to control API access based on user roles and permissions. Ensure that API keys/tokens are associated with users or service accounts with appropriate RBAC roles.
    4. Rate Limiting and Throttling for Harbor API: Implement rate limiting and request throttling on Harbor's API endpoints to mitigate potential abuse, denial-of-service attacks, or brute-force attempts.
    5. Audit API Access to Harbor: Enable audit logging for API access to Harbor to track API requests, authentication attempts, and any suspicious activity.
  • Threats Mitigated:
    • Unauthorized API Access to Harbor (High Severity): Unauthorized users or systems gaining access to Harbor's API, potentially leading to data breaches, modifications, or service disruptions via the API.
    • API Abuse and Denial of Service (Medium to High Severity): Attackers abusing Harbor's API endpoints to perform malicious actions, overload the system, or launch denial-of-service attacks.
    • Credential Compromise via API (Medium Severity): Compromised API keys or tokens potentially granting broad access to Harbor's API if not properly managed and restricted.
  • Impact:
    • Unauthorized API Access to Harbor (High Impact): Significantly reduces the risk of unauthorized API access by restricting network access, enforcing authentication, and utilizing RBAC for API calls to Harbor.
    • API Abuse and Denial of Service (Medium to High Impact): Mitigates the risk of API abuse and DoS attacks by implementing rate limiting and throttling on Harbor's API.
    • Credential Compromise via API (Medium Impact): Reduces the impact of compromised API keys/tokens by enforcing RBAC and limiting the scope of access granted by each key/token to Harbor's API.
  • Currently Implemented:
    • API keys are used for CI/CD integration with Harbor.
  • Missing Implementation:
    • Network access restrictions to Harbor's API are not explicitly configured.
    • RBAC is not fully enforced for API access to Harbor.
    • Rate limiting and throttling are not implemented for Harbor's API endpoints.
    • Audit logging for API access to Harbor is not enabled.

Mitigation Strategy: Integrate Harbor with Enterprise Authentication Providers (LDAP/AD/OIDC)

  • Mitigation Strategy: Integrate Harbor with Enterprise Authentication Providers (LDAP/AD/OIDC)
  • Description:
    1. Configure Harbor Authentication Settings: Configure Harbor to integrate with your organization's existing authentication providers such as LDAP, Active Directory (AD), or OpenID Connect (OIDC) through Harbor's authentication settings.
    2. Test Integration: Thoroughly test the integration with the chosen authentication provider to ensure users can successfully authenticate to Harbor using their enterprise credentials.
    3. Utilize Group-Based Access Control from Enterprise Directory: Leverage group memberships from LDAP/AD/OIDC to manage Harbor permissions efficiently. Map enterprise groups to Harbor roles for streamlined RBAC management.
    4. Centralize User Management: Centralize user account management for Harbor within your enterprise directory, simplifying user provisioning, de-provisioning, and password management.
    5. Enforce Enterprise Authentication Policies: Leverage the security policies and controls enforced by your enterprise authentication provider (e.g., password complexity, account lockout) for Harbor user accounts.
  • Threats Mitigated:
    • Weak or Inconsistent Password Management for Harbor Accounts (Medium Severity): Independent password management for Harbor accounts potentially leading to weaker passwords and inconsistent password policies compared to enterprise standards.
    • Account Sprawl and Management Overhead (Medium Severity): Managing separate user accounts for Harbor adds administrative overhead and increases the risk of account sprawl and orphaned accounts.
    • Lack of Centralized Authentication Control (Medium Severity): Managing authentication separately for Harbor reduces centralized control and visibility over user access.
  • Impact:
    • Weak or Inconsistent Password Management for Harbor Accounts (Medium Impact): Improves password security for Harbor accounts by leveraging enterprise-grade password policies and management.
    • Account Sprawl and Management Overhead (Medium Impact): Reduces administrative overhead and account sprawl by centralizing user management within the enterprise directory.
    • Lack of Centralized Authentication Control (Medium Impact): Enhances centralized authentication control and visibility by integrating Harbor with the enterprise authentication infrastructure.
  • Currently Implemented:
    • Harbor is configured to use local user database for authentication.
  • Missing Implementation:
    • Integration with enterprise authentication providers (LDAP/AD/OIDC) is not implemented.
    • Group-based access control from enterprise directory is not utilized in Harbor.
    • Centralized user management for Harbor is not implemented.

Mitigation Strategy: Enable Content Trust (Image Signing and Verification) in Harbor

  • Mitigation Strategy: Enable Content Trust (Image Signing and Verification) in Harbor
  • Description:
    1. Enable Content Trust in Harbor: Configure Harbor to enable Content Trust functionality. This typically involves configuring notary or a compatible signing service within Harbor.
    2. Configure Docker Client for Content Trust: Configure Docker clients to enable Content Trust verification when pulling images from Harbor. This ensures that clients will only pull signed images.
    3. Sign Images During Push to Harbor: Integrate image signing into the image build and push process. Ensure that images are signed before being pushed to Harbor, using Docker Content Trust or a similar signing mechanism.
    4. Enforce Content Trust Verification in Environments: Enforce mandatory Content Trust verification in critical environments (e.g., production) to prevent the deployment of unsigned or tampered images pulled from Harbor.
    5. Key Management for Content Trust: Implement secure key management practices for Content Trust signing keys. Protect private keys and ensure proper key rotation and revocation procedures.
  • Threats Mitigated:
    • Image Tampering (High Severity): Malicious actors tampering with container images stored in Harbor, potentially injecting malware or vulnerabilities.
    • Image Provenance and Integrity Issues (Medium Severity): Lack of assurance about the origin and integrity of container images pulled from Harbor, making it difficult to verify their trustworthiness.
    • Supply Chain Attacks via Image Registry (Medium Severity): Attackers compromising the image registry or the image delivery pipeline to distribute malicious images.
  • Impact:
    • Image Tampering (High Impact): Effectively prevents the deployment of tampered images by ensuring image integrity through cryptographic signing and verification within Harbor.
    • Image Provenance and Integrity Issues (Medium Impact): Provides strong assurance about the provenance and integrity of images pulled from Harbor, enhancing trust in the image supply chain.
    • Supply Chain Attacks via Image Registry (Medium Impact): Mitigates the risk of supply chain attacks by verifying image signatures and ensuring that only trusted and signed images are deployed from Harbor.
  • Currently Implemented:
    • Content Trust is not enabled in Harbor.
  • Missing Implementation:
    • Content Trust functionality is not configured in Harbor.
    • Docker clients are not configured for Content Trust verification against Harbor.
    • Image signing is not integrated into the image build and push process to Harbor.
    • Content Trust verification is not enforced in any environment pulling images from Harbor.
    • Key management practices for Content Trust are not implemented.

Mitigation Strategy: Integrate Vulnerability Scanning into CI/CD Pipeline using Harbor API

  • Mitigation Strategy: Integrate Vulnerability Scanning into CI/CD Pipeline using Harbor API
  • Description:
    1. Utilize Harbor Vulnerability Scanning API: Integrate with Harbor's vulnerability scanning API within your CI/CD pipeline stages.
    2. Trigger Scan Before Image Push: In the CI/CD pipeline, before pushing a newly built container image to Harbor, trigger a vulnerability scan using Harbor's API.
    3. Analyze Scan Results via API: Retrieve and analyze the vulnerability scan results from Harbor's API within the CI/CD pipeline.
    4. Define Vulnerability Thresholds: Define acceptable vulnerability severity thresholds (e.g., no critical vulnerabilities, maximum of medium severity) for images to be promoted through the CI/CD pipeline.
    5. Fail Pipeline on Threshold Breach: Configure the CI/CD pipeline to automatically fail if the vulnerability scan results from Harbor exceed the defined thresholds. This prevents vulnerable images from being pushed to Harbor or deployed.
    6. Provide Feedback to Developers: Provide clear feedback to developers within the CI/CD pipeline about detected vulnerabilities and the reason for pipeline failure, enabling them to remediate vulnerabilities before images are pushed to Harbor.
  • Threats Mitigated:
    • Introduction of Vulnerabilities Early in Development Lifecycle (Medium Severity): Vulnerabilities being introduced into container images during the development process and potentially propagating to later stages if not detected early.
    • Deployment of Vulnerable Images from CI/CD (High Severity): Automated CI/CD pipelines inadvertently deploying vulnerable container images to Harbor and subsequent environments if vulnerability scanning is not integrated.
  • Impact:
    • Introduction of Vulnerabilities Early in Development Lifecycle (Medium Impact): Reduces the risk by shifting vulnerability detection left in the development lifecycle, enabling earlier remediation.
    • Deployment of Vulnerable Images from CI/CD (High Impact): Prevents the automated deployment of vulnerable images from CI/CD pipelines by enforcing vulnerability scanning and threshold checks before images are pushed to Harbor.
  • Currently Implemented:
    • Vulnerability scanning integration with CI/CD pipeline is partially implemented for staging environment.
  • Missing Implementation:
    • Vulnerability scanning integration with CI/CD pipeline is missing for development and production environments.
    • Automated pipeline failure based on vulnerability thresholds from Harbor API is not fully configured in any environment.
    • Clear feedback mechanism to developers about vulnerability scan results from CI/CD pipeline is not fully implemented.