LFX Sep-Nov: Add Harbor and Harbor Satellite project ideas for LFX mentoring

Vad1mo · Vad1mo · commit c2f7d3b52264 · 2025-07-29T17:29:16.000+02:00
Signed-off-by: Vadim Bauer &lt;vb@container-registry.com&gt;
diff --git a/programs/lfx-mentorship/2025/03-Sep-Nov/project_ideas.md b/programs/lfx-mentorship/2025/03-Sep-Nov/project_ideas.md
@@ -29,6 +29,105 @@
   - Bill Mulligan (@xmulligan, bill@isovalent.com)
 - Upstream Issue: https://github.com/cilium/cilium.io/issues/633
 
+### Harbor
+
+#### Harbor CLI - System Settings and Configuration
+
+- Description: Harbor is a widely adopted container registry, and its initial CLI has been developed by LFX mentees. The goal is to extend this CLI by implementing additional functionalities and workflows that are currently only available in the Web UI. The CLI should be useful for Harbor administrators and users, especially to manage workflows within CI/CD pipelines. We seek a Golang-experienced mentee to enhance the CLI independently.
+
+- Expected Outcome:
+  - Extend the Harbor CLI to include essential commands not yet implemented.
+  - Add new features to improve Harbor management via the CLI for Harbor Administration, enabling robust workflows in CI/CD environments.
+  - Review and test all implemented commands to ensure they work as expected.
+- Recommended Skills: Golang, spf13/cobra, Harbor
+- Mentor(s):
+  - Vadim Bauer (@vad1mo, vb@container-registry.com) 
+  - Prasanth Baskar (@bupd, bupdprasanth@gmail.com)
+- Upstream Issue: https://github.com/goharbor/harbor-cli/issues/450
+
+
+
+#### Extend Harbor's Pluggable Scanner API for Runtime Behavior Profiles
+
+- Description: Harbor is a widely adopted container registry. As one of the most widely adopted container registries, it is a critical component in modern software supply chains. This project aims to enhance its security capabilities by extending Harbor's Pluggable Scanner specification to support Runtime Behavior Profiles (also known as a Behavior of Bill, or "BoB"). While Software Bill of Materials (SBOMs) describe what an artifact *contains*, a BoB describes how it *behaves* at runtime. By integrating `kubescape-node-agent` as a scanner, Harbor will be able to retrieve, store, and display these runtime profiles for OCI artifacts. This allows software producers to ship secure-by-default configurations and provides consumers with a way to verify runtime behavior, detect anomalies, and report unexpected activity. This feature will create greater trust in artifacts and help users meet emerging compliance requirements, such as the EU's CyberResilience Act, by enabling active breach identification through anomaly detection.
+
+- Expected Outcome:
+  * Propose and document the minimally necessary modifications to the Harbor Pluggable Scanner Spec to support the retrieval of runtime profiles.
+  * Implement a scanner adapter that integrates `kubescape-node-agent` with Harbor.
+  * The adapter must be able to retrieve and process SPDX-compliant Runtime Profiles (SBOBs).
+  * Extend Harbor's UI to allow users to view runtime profiles and see potential mismatches between expected and observed behavior.
+  * Lay the foundation for interoperability of runtime and supply chain security tooling across the CNCF ecosystem.
+
+- Recommended Skills:
+  * Golang
+  * REST API Design
+  * Kubernetes
+  * Containers and OCI Image/Distribution Specifications
+  * Familiarity with software supply chain security concepts (SBOM, SPDX)
+
+- Mentor(s):
+  * Vadim Bauer (@vad1mo, vb@container-registry.com)
+  * Prasanth Baskar (@bupd, bupdprasanth@gmail.com)
+
+* **Upstream Issue:**
+  - Upstream Issue: https://github.com/goharbor/pluggable-scanner-spec/issues/22
+
+
+#### Harbor Satellite: Q&A and Docs
+
+- Description: As edge computing grows, managing container registries at edge becomes a challenge. As the Harbor satellite project matures and evolves, we need to improve the code quality, the release process and user documentation.
+
+- Expected Outcome:
+  - Extend build and release artifacts using Dagger.
+  - Perform code reviews and establish a Q&A process
+  - Create, Update and Improve documentation for Harbor Satellite.
+  - Implement new features.
+  
+- Recommended Skills 
+  - Golang
+  - GitHub workflow
+  - Dagger
+  - Testing 
+  - Q&A
+  - Good writing and communication 
+  
+
+- Mentor(s):
+  - Vadim Bauer (@vad1mo, vb@container-registry.com)
+  - Prasanth Baskar (@bupd, bupdprasanth@gmail.com)
+
+- Upstream Issue: https://github.com/goharbor/harbor/issues/21959
+
+
+#### Harbor Satellite: Implementing a Eventing System for Satellite
+
+- Description:
+  Harbor Satellite is a lightweight, OCI-compliant registry (currently based on Zot) designed to run on edge devices, such as Raspberry Pi or ARM-based hardware. It acts as a local container registry for edge devices and workloads. The satellite autonomously fetches configuration and state, registers with Ground Control, reports its status, and optionally sends system-level events to connected edge systems.
+
+- Expected Outcome:
+  - Implement an eventing mechanism to notify edge systems about critical state transitions (e.g., "state update ready", "sync complete").
+  - Improve build and release pipelines.
+  - Make the satellite functional on ARM-based edge devices (like Raspberry Pi).
+  - Add reliable state and health reporting back to Ground Control.
+  - Add e2e tests to validate artifact fetching, status reporting, and eventing.
+
+- Recommended Skills
+  - Golang
+  - Containers
+  - Edge Computing
+  - OCI Image/Distribution Spec
+  - Webhooks
+  - Event-Driven Architecture
+
+- Mentor(s):
+  - Vadim Bauer (@vad1mo, vb@container-registry.com)
+  - Orlin Vasilev (@OrlinVasilev, orlin@orlix.org)
+  - Prasanth Baskar (@bupd, bupdprasanth@gmail.com)
+
+- Upstream Issue: https://github.com/goharbor/harbor/issues/21986
+- LFX
+
+
 ### Jaeger
 
 #### Next-Generation Jaeger Demo with OpenTelemetry and OpenSearch (2025 Term 3)
