Anthropic-Cybersecurity-Skills/skills/securing-container-registry-with-harbor/references/workflows.md

# Workflows - Harbor Registry Security

## Workflow 1: Secure Image Pipeline
```
[Build Image] --> [Push to Harbor] --> [Auto-Scan (Trivy)] --> [Sign (Cosign)]
                                              |
                                    +---------+---------+
                                    |                   |
                                    v                   v
                            Vulnerabilities?     No vulnerabilities
                            Block deployment     Allow pull
```

## Workflow 2: Registry Hardening
```
Step 1: Enable HTTPS with valid TLS certificates
Step 2: Configure OIDC/LDAP authentication
Step 3: Create projects with auto-scan enabled
Step 4: Enable vulnerability prevention policy
Step 5: Configure content trust (Cosign)
Step 6: Set immutable tag rules for release tags
Step 7: Configure retention policies
Step 8: Enable audit logging
Step 9: Create robot accounts for CI/CD
Step 10: Test with vulnerability gate check
```