Harbor

Harbor is the container registry for teams that need more than Docker Hub. It adds vulnerability scanning, RBAC, image signing, replication between registries, and audit logs on top of basic image storage. CNCF graduated, which means production-proven.

If you're running Kubernetes in production and need a private registry with security features, Harbor is the open-source standard. Docker Registry is the barebones alternative — stores images, nothing else. GitLab Container Registry bundles with GitLab's CI/CD. Commercially, ECR, GCR, and ACR are the managed options that eliminate ops burden.

The vulnerability scanning integration (via Trivy) catches CVEs before images hit production. Replication lets you mirror images across data centers or cloud regions. The web UI is actually usable for managing repositories and access.

The catch: Harbor is a full platform, not a lightweight tool. It needs PostgreSQL, Redis, and several services running. For small teams, the operational overhead might exceed the benefit — especially when your cloud provider's managed registry is a few clicks away. Also, the initial setup and HTTPS certificate configuration trips up many first-time deployers.