Over the past month, I got tired of juggling different CLI scanners (Trivy, Grype, Syft, Dockle, etc.), for my work in DevSecOps. Stitching results together started becoming a hassle and my organization started heavily focusing on container security. It was messy, repetitive, and hard to keep track of active vulnerabilities.
So I built Harbor Guard, a modern, Next.js app that runs all major open-source container scanners, stores the results, and turns them into interactive visualizations you can actually use.
What Harbor Guard does:
- Runs 6 major tools: Trivy, Grype, Syft, Dockle, OSV Scanner, and Dive
- Unified dashboard: View and compare results without jumping between CLIs
- Historical tracking: Persist and compare scans across versions
- Advanced visualization: Interactive scatterplots, severity-based grouping, and layer-by-layer analysis
- Report export: Grab JSON or full ZIP packages for compliance
- API access: REST endpoints for automation and integrations
- Docker-native: Run it with a single docker run -p 3000:3000
Personally, I needed a tool that made vulnerability data easier to explore visually and had some fun putting something together.
GitHub: https://github.com/HarborGuard/HarborGuard
Live Demo: https://demo.harborguard.co
It’s free, open source, and I’d love feedback, bug reports, or feature ideas. Contributions welcome too.
Thanks, Brandon~