TL;DR: We’re removing unwanted release tags from our Harbor-registry and Harbor-trivy-adapter images to match harbor upstream release tags only.
We’re updating our Harbor registry and Harbor Trivy Adapter packaging and release tags to align with the upstream Harbor release process. This means we’ll remove extra release tags and keep only official tags.
If you’re already using the latest or official release tags, no action is needed.
Images that will be affected:
- harbor-registry
- harbor-trivy-adapter
- harbor-registry-fips
- harbor-trivy-adapter-fips
-
Announcement date Planned Change date 20th February, 2026 6th March, 2026 What is changing?
Chainguard will remove the following unwanted tags (including -dev and fips variants):
Harbor-registry: 3, 3.0, 3.0.0
Harbor-registry-fips: 3, 3.0, 3.0.0
Harbor-trivy-adapter: 0, 0.34, 0.34.0
Harbor-trivy-adapter-fips: 0, 0.34, 0.34.0
This update will be applied to the following images:
- harbor-registry
- harbor-trivy-adapter
- harbor-registry-fips
- harbor-trivy-adapter-fips
These changes ensure that Harbor images follow only official upstream releases for the best security posture.
Why is Chainguard making this change?
Upstream Harbor publishes registry and trivy-adapter tagged only with Harbor releases and not individual package versions (Distribution).
By moving to official release tags only, Chainguard ensures:
- Alignment with upstream release practices
- Greater consistency and stability for customers
- Reduced risk of using pre-release (potentially unstable) builds
How will this affect me?
If you use official or latest release tags:
- No action is required, and your workflows will continue as usual.
What do I need to do?
If you have been using an incorrect tag, please update your references to the new official tags, which are synced with harbor releases.
Need help or have questions?
We're here to help - visit our support portal at support.chainguard.dev.
- Chainguard Team
Comments
0 comments
Please sign in to leave a comment.