Security review
Deployment, data handling, and access.
The detail behind the homepage checklist, written for the person running the security screen. Forward this page.
Deployment model
Your team deploys it. Nothing is hosted for you.
- form factor
- An executable plus Helm charts and Terraform modules, deployed by your team into your environment.
- schedulers
- Works with Kubernetes and Slurm environments.
- air-gapped
- Runs with no internet access. Nothing about the diagnosis engine depends on an outside service.
Data handling
Zero egress, and we mean the word.
- telemetry
- Collected, stored, and analyzed entirely inside your environment. Nothing leaves it.
- this website
- Congruent by design: this site makes no third-party requests. Fonts are self-hosted and there is no external analytics.
Access model
Read-only against the cluster. Actions stay with your people.
- cluster access
- Harbor reads telemetry. It does not modify cluster state, schedule workloads, or touch hardware.
- remediation
- Operator-gated by design: Harbor recommends the fix, a person applies it, and Harbor verifies it took. Nothing is autonomous.
- auditability
- Every diagnosis shows the telemetry it rests on, so the conclusion can be audited after the fact.
How diagnoses are made
Inspectable paths, not an opaque model.
- method
- Signature-based detection over decision paths you can inspect, grounded in the telemetry shown on screen.
- verdicts
- A cause is either asserted, with the exact readings that prove it, or unconfirmed, with the evidence preserved. There is never a numeric confidence score.
What Harbor reads
The instrumentation, named.
- GPU telemetry (DCGM, high frequency)
- PCIe link state and AER counters
- NIC counters
- storage read latency
- XID and ECC events
- IPMI / BMC, where you grant it
All of it is instrumentation you already run or grant. Harbor reads it at diagnostic-grade frequency; it does not replace it.
Questions your review needs answered live?