Skip to content

Security review

Deployment, data handling, and access.

The detail behind the homepage checklist, written for the person running the security screen. Forward this page.

Deployment model

Your team deploys it. Nothing is hosted for you.

form factor
An executable plus Helm charts and Terraform modules, deployed by your team into your environment.
schedulers
Works with Kubernetes and Slurm environments.
air-gapped
Runs with no internet access. Nothing about the diagnosis engine depends on an outside service.

Data handling

Zero egress, and we mean the word.

telemetry
Collected, stored, and analyzed entirely inside your environment. Nothing leaves it.
this website
Congruent by design: this site makes no third-party requests. Fonts are self-hosted and there is no external analytics.

Access model

Read-only against the cluster. Actions stay with your people.

cluster access
Harbor reads telemetry. It does not modify cluster state, schedule workloads, or touch hardware.
remediation
Operator-gated by design: Harbor recommends the fix, a person applies it, and Harbor verifies it took. Nothing is autonomous.
auditability
Every diagnosis shows the telemetry it rests on, so the conclusion can be audited after the fact.

How diagnoses are made

Inspectable paths, not an opaque model.

method
Signature-based detection over decision paths you can inspect, grounded in the telemetry shown on screen.
verdicts
A cause is either asserted, with the exact readings that prove it, or unconfirmed, with the evidence preserved. There is never a numeric confidence score.

What Harbor reads

The instrumentation, named.

  • GPU telemetry (DCGM, high frequency)
  • PCIe link state and AER counters
  • NIC counters
  • storage read latency
  • XID and ECC events
  • IPMI / BMC, where you grant it

All of it is instrumentation you already run or grant. Harbor reads it at diagnostic-grade frequency; it does not replace it.

Questions your review needs answered live?