Migrating more 1.10 updates into reorg

docs/harbor-doc-reorg/_index.md

@@ -16,12 +16,12 @@ This section describes how to install Harbor and perform the required initial co
       - [Run the Installer Script](install_config/installation/run_installer_script.md)
       - **[Troubleshooting Harbor Installation](install_config/installation/troubleshoot_installation.md)**
   - [Post-Installation Configuration](install_config/configuration/_index.md)
-      - [Reconfigure Harbor and Manage the Harbor Lifecycle](install_config/configuration/reconfigure_manage_lifecycle.md)
-      - [Customize the Harbor Token Service](install_config/configuration/customize_token_service.md)
-      - [Configure Notary Content Trust](install_config/configuration/configure_notary_content_trust.md)
+      - **[Reconfigure Harbor and Manage the Harbor Lifecycle](install_config/configuration/reconfigure_manage_lifecycle.md)**
+      - **[Customize the Harbor Token Service](install_config/configuration/customize_token_service.md)**
+      - **[Configure Notary Content Trust](install_config/configuration/configure_notary_content_trust.md)**
   - [Initial Configuration in the Harbor UI](install_config/configuration/initial_config_ui.md)
       - [Configure Authentication](install_config/configuration/configure_authentication.md)
-      - [Other General Settings](install_config/configuration/general_settings.md)
+      - **[Administrator Options](install_config/configuration/general_settings.md)**
   
 ## Harbor Administration
 
@@ -29,17 +29,17 @@ This section describes how to use and maintain Harbor after deployment. These da
 
 - [Harbor Administration](administration/_index.md)
   - [Manage Users](administration/managing_users/_index.md)
-      - [Harbor Role Based Access Control (RBAC)](administration/managing_users/configure_rbac.md)
+      - **[Harbor Role Based Access Control (RBAC)](administration/managing_users/configure_rbac.md)**
       - [User Permissions By Role](administration/managing_users/user_permissions_by_role.md)
-      - [Configure Harbor User Settings at the Command Line](administration/managing_users/configure_user_settings_cli.md)
-      - [Manage Roles by LDAP Group](administration/managing_users/manage_role_by_ldap_group.md)
+      - **[Configure Harbor User Settings at the Command Line](administration/managing_users/configure_user_settings_cli.md)**
   - [Configure Project Settings](administration/configure_project_settings/_index.md)
       - [Set Project Quotas](administration/configure_project_settings/set_project_quotas.md)
   - [Configuring Replication](administration/configuring_replication/_index.md)
       - [Create Replication Endpoints](administration/configuring_replication/create_replication_endpoints.md)
       - [Create Replication Rules](administration/configuring_replication/create_replication_rules.md)
       - [Manage Replications](administration/configuring_replication/manage_replications.md) 
-  - [Vulnerability Scanning with Clair](administration/vulnerability_scanning/_index.md)
+  - [Vulnerability Scanning](administration/vulnerability_scanning/_index.md)
+      - [Connect Harbor to Additional Vulnerability Scanners](administration/vulnerability_scanning/pluggable_scanners.md)
       - [Scan an Individual Image](administration/vulnerability_scanning/scan_individual_image.md)
       - [Scan All Images](administration/vulnerability_scanning/scan_all_images.md)
       - [Schedule Scans](administration/vulnerability_scanning/schedule_scans.md)
@@ -61,10 +61,11 @@ This section describes how users with the developer, master, and project adminis
       - [Create a Project](working_with_projects/create_projects.md)
       - [Assign Users to a Project](working_with_projects/add_users.md)
   - [Project Configuration](working_with_projects/project_configuration.md)
-      - [Access and Search Project Logs](working_with_projects/access_project_logs.md)
+      - **[Access and Search Project Logs](working_with_projects/access_project_logs.md)**
       - [Create Robot Accounts](working_with_projects/create_robot_accounts.md)
       - [Configure Webhook Notifications](working_with_projects/configure_webhooks.md)
       - [Configure a Per-Project CVE Whitelist](working_with_projects/configure_project_whitelist.md)
+      - **[Implementing Content Trust](working_with_projects/implementing_content_trust.md)**
   - [Working with Images, Tags, and Helm Charts](working_with_projects/working_with_images.md)
       - [Pulling and Pushing Images](working_with_projects/pulling_pushing_images.md)
       - [Create Labels](working_with_projects/create_labels.md)

docs/harbor-doc-reorg/administration/configure_project_settings/set_project_quotas.md

@@ -1,6 +1,6 @@
 # Set Project Quotas
 
-To exercise control over resource use, as a system administrator you can set  quotas on projects. You can limit the number of tags that a project can contain and limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
+To exercise control over resource use, as a Harbor system administrator you can set  quotas on projects. You can limit the number of tags that a project can contain and limit the amount of storage capacity that a project can consume. You can set default quotas that apply to all projects globally.
 
 **NOTE**: Default quotas apply to projects that are created after you set or change the default quota. The default quota is not applied to projects that already existed before you set it.
 
@@ -8,16 +8,13 @@ You can also set quotas on individual projects. If you set a global default quot
 
 By default, all projects have unlimited quotas for both tags and storage use. 
 
-1. Go to **Configuration** > **Project Quotas**.
+1. Select the **Project Quotas** view.
    ![Project quotas](../../img/project-quota1.png)
 1. To set global default quotas on all projects, click **Edit**.
+
    ![Project quotas](../../img/project-quota2.png)
-   1. For **Default artifact count**, enter the maximum number of tags that any project can contain. 
-   
-   Enter `-1` to set the default to unlimited. 
-   1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu. 
-   
-   Enter `-1` to set the default to unlimited.
+   1. For **Default artifact count**, enter the maximum number of tags that any project can contain at a given time, or enter `-1` to set the default to unlimited.   
+   1. For **Default storage consumption**, enter the maximum quantity of storage that any project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu, or enter `-1` to set the default to unlimited.  
    ![Project quotas](../../img/project-quota3.png)
    1. Click **OK**.
 1. To set quotas on an individual project, click the 3 vertical dots next to a project and select **Edit**.
@@ -25,11 +22,11 @@ By default, all projects have unlimited quotas for both tags and storage use.
    1. For **Default artifact count**, enter the maximum number of tags that this individual project can contain, or enter `-1` to set the default to unlimited. 
    1. For **Default storage consumption**, enter the maximum quantity of storage that this individual project can consume, selecting `MB`, `GB`, or `TB` from the drop-down menu.
 
-After you set quotas, the you can see how much of their quotas each project has consumed in the **Project Quotas** tab.
+After you set quotas, you can see how much of their quotas each project has consumed.
 
 ![Project quotas](../../img/project-quota5.png)
 
-### How Harbor Calculates Resource Usage
+## How Harbor Calculates Resource Usage
 
 When setting project quotas, it is useful to know how Harbor calculates tag numbers and storage use, especially in relation to image pushing, retagging, and garbage collection.
 

docs/harbor-doc-reorg/administration/garbage_collection/_index.md

@@ -1,29 +1,31 @@
 # Garbage Collection
-Online Garbage Collection enables user to trigger docker registry garbage collection by clicking button on UI.
 
-**NOTES:** The space is not freed when the images are deleted from Harbor, Garbage Collection is the task to free up the space by removing blobs from the filesystem when they are no longer referenced by a manifest.
+When you delete images from Harbor, space is not automatically freed up. You must run garbage collection to free up space by removing blobs that are no longer referenced by a manifest from the file system.  
 
-For more information about Garbage Collection, please see [Garbage Collection](https://github.com/docker/docker.github.io/blob/master/registry/garbage-collection.md).  
+### Run Garbage Collection
 
-## Set up Garbage Collection
-If you are a system admin, you can trigger garbage collection by clicking "GC Now" in the **'Garbage Collection'** tab of **'Configuration'** section under **'Administration'**.
+1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
+1. Expand **Administration**, and select **Garbage Collection**. 
+1. Select the **'Garbage Collection'** tab.
+  ![Garbage collection](../../img/garbage-collection.png)
+1. To run garbage collection immediately, click **GC Now**.
 
-![browse project](../../img/gc_now.png)
-**NOTES:** Harbor is put into read-only mode when to execute Garbage Collection, and any modification on docker registry is prohibited.
+When you run garbage collection, Harbor goes into read-only mode. All modifications to the registry are prohibited.
 
-To avoid frequently triggering the garbage collection process, the availability of the button is restricted. It can be only triggered once in one minute.
-![browse project](../../img/gc_now2.png)
+To avoid triggering the garbage collection process too frequently, the availability of the **GC Now** button is restricted. Garbage collection can be only run once per minute.
 
-## Scheduled Garbage Collection by Policy
-* **None:** No policy is selected.
-* **Daily:** Policy is activated daily. It means an analysis job is scheduled to be executed at the specified time everyday. The scheduled job will do garbage collection in Harbor.
-* **Weekly:** Policy is activated weekly. It means an analysis job is scheduled to be executed at the specified time every week. The scheduled job will do garbage collection in Harbor.
-Once the policy has been configured, you have the option to save the schedule.
-![browse project](../../img/gc_policy.png)
+### Schedule Garbage Collection
 
-## Garbage Collection history
-If you are a system admin, you can view the latest 10 records of garbage collection execution.
-![browse project](../../img/gc_history.png)
-
-You can click on the 'details' link to view the related logs.
-![browse project](../../img/gc_details.png)
+1. Expand **Administration**, and select **Garbage Collection**. 
+1. Select the **'Garbage Collection'** tab.
+1. Use the drop down-menu to select how often to run garbage collection.
+   ![Schedule garbage collection](../../img/gc_policy.png)
+   * **None**: No garbage collection is scheduled.
+   * **Hourly**: Run garbage collection at the beginning of every hour.
+   * **Daily**: Run garbage collection at midnight every day.
+   * **Weekly**: Run garbage collection at midnight every Saturday.
+   * **Custom**: Run garbage collection according to a `cron` job.
+1. Click **Save**.
+1. Select the **History** tab to view records of the 10 most recent garbage collection runs.
+   ![Garbage collection history](../../img/gc_history.png)
+1. Click on the **Logs** link to view the related logs.

docs/harbor-doc-reorg/administration/managing_users/_index.md

@@ -3,4 +3,3 @@
 - [Harbor Role Based Access Control (RBAC)](configure_rbac.md)
 - [User Permissions By Role](user_permissions_by_role.md)
 - [Configure Harbor User Settings at the Command Line](configure_user_settings_cli.md)
-- [Manage Roles by LDAP Group](manage_role_by_ldap_group.md)

docs/harbor-doc-reorg/administration/managing_users/configure_rbac.md

@@ -1,22 +0,0 @@
-# Harbor Role Based Access Control (RBAC)  
-
-![rbac](../../img/rbac.png)
-
-Harbor manages images through projects. Users can be added into one project as a member with one of three different roles:  
-
-* **Guest**: Guest has read-only privilege for a specified project.
-* **Developer**: Developer has read and write privileges for a project.
-* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts. 
-* **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan.
-
-Besides the above three roles, there are two system-level roles:  
-
-* **SysAdmin**: "SysAdmin" has the most privileges. In addition to the privileges mentioned above, "SysAdmin" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.  
-* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.  
-
-For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
-
-## Managing user  
-Administrator can add "Administrator" role to one or more ordinary users by checking checkboxes and clicking `SET AS ADMINISTRATOR`. To delete users, checked checkboxes and select `DELETE`. Deleting user is only supported under database authentication mode.
-
-![browse project](../../img/new_set_admin_remove_user.png)

docs/harbor-doc-reorg/administration/managing_users/manage_roles_by_ldap_group.md

@@ -1,57 +0,0 @@
-# Manage Roles by LDAP Group
-
-This guide provides instructions to manage roles by LDAP/AD group. You can import an LDAP/AD group to Harbor and assign project roles to it. All LDAP/AD users in this LDAP/AD group have assigned roles.
-
-## Prerequisite
-
-1. Harbor's auth_mode is ldap_auth and **[basic LDAP configure parameters](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md#optional-parameters)** are configured.
-1. Memberof overlay
-
-    This feature requires the LDAP/AD server enabled the feature **memberof overlay**. 
-    With this feature, the LDAP/AD user entity's attribute **memberof** is updated when the group entity's **member** attribute is updated. For example, adding or removing an LDAP/AD user from the LDAP/AD group.
-
-    * OpenLDAP -- Refer this **[guide](https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay/)** to enable and verify **memberof overlay**
-    * Active Directory -- this feature is enabled by default.
-
-## Configure LDAP group settings
-
-Besides **[basic LDAP configure parameters](https://github.com/vmware/harbor/blob/master/docs/installation_guide.md#optional-parameters)** , LDAP group related configure parameters should be configured, they can be configured before or after installation
-
-  1. Configure LDAP parameters via API, refer to **[Config Harbor user settings by command line](configure_user_settings.md)**
-
-For example:
-```
-curl -X PUT -u "<username>:<password>" -H "Content-Type: application/json" -ki https://harbor.sample.domain/api/configurations -d'{"ldap_group_basedn":"ou=groups,dc=example,dc=com"}'
-```   
-The following parameters are related to LDAP group configuration.
-   * ldap_group_basedn -- The base DN from which to lookup a group in LDAP/AD, for example: ou=groups,dc=example,dc=com
-   * ldap_group_filter -- The filter to search LDAP/AD group, for example: objectclass=groupOfNames 
-   * ldap_group_gid    -- The attribute used to name an LDAP/AD group, for example: cn 
-   * ldap_group_scope  -- The scope to search for LDAP/AD groups. 0-LDAP_SCOPE_BASE, 1-LDAP_SCOPE_ONELEVEL, 2-LDAP_SCOPE_SUBTREE 
-
-  2. Or change configure parameter in web console after installation. Go to "Administration" -> "Configuration" -> "Authentication" and change following settings.
-   - LDAP Group Base DN -- ldap_group_basedn in the Harbor user settings
-   - LDAP Group Filter  -- ldap_group_filter in the Harbor user settings
-   - LDAP Group GID     -- ldap_group_gid in the Harbor user settings
-   - LDAP Group Scope   -- ldap_group_scope in the Harbor user settings
-   - LDAP Groups With Admin Privilege -- Specify an LDAP/AD group DN, all LDAPA/AD users in this group have harbor admin privileges.
-
-![Screenshot of LDAP group config](img/group/ldap_group_config.png)
-
-## Assign project role to LDAP/AD group
-
-In "Project" -> "Members" -> "+ GROUP".
-
-![Screenshot of add group](img/group/ldap_group_addgroup.png)
-
-You can "Add an existing user group to project member" or "Add a group from LDAP to project member".
-
-![Screenshot of add group dialog](img/group/ldap_group_addgroup_dialog.png)
-
-Once an LDAP group is assigned a project role, log in with an LDAP/AD user in this group, the user should have the privilege of its group role.
-
-If a user is in the LDAP groups with admin privilege (ldap_group_admin_dn), the user should have the same privileges with Harbor admin.
-
-## User privileges and group privileges
-
-If a user has both user-level role and group-level role, these privileges are merged together.

docs/harbor-doc-reorg/administration/managing_users/rbac.md

@@ -0,0 +1,45 @@
+# Harbor Role Based Access Control (RBAC)  
+
+![rbac](../../img/rbac.png)
+
+Harbor manages images through projects. Users can be added into one project as a member with one of the following different roles:  
+
+* **Limited Guest**: A Limited Guest does not have full read privileges for a project. They can pull images but cannot push, and they cannot see logs or the other members of a project. For example, you can create limited guests for users from different organizations who share access to a project.
+* **Guest**: Guest has read-only privilege for a specified project. They can pull and retag images, but cannot push.
+* **Developer**: Developer has read and write privileges for a project.
+* **Master**: Master has elevated permissions beyond those of 'Developer' including the ability to scan images, view replications jobs, and delete images and helm charts. 
+* **ProjectAdmin**: When creating a new project, you will be assigned the "ProjectAdmin" role to the project. Besides read-write privileges, the "ProjectAdmin" also has some management privileges, such as adding and removing members, starting a vulnerability scan.
+
+Besides the above roles, there are two system-level roles:  
+
+* **Harbor system administrator**: "Harbor system administrator" has the most privileges. In addition to the privileges mentioned above, "Harbor system administrator" can also list all projects, set an ordinary user as administrator, delete users and set vulnerability scan policy for all images. The public project "library" is also owned by the administrator.  
+* **Anonymous**: When a user is not logged in, the user is considered as an "Anonymous" user. An anonymous user has no access to private projects and has read-only access to public projects.  
+
+For full details of the permissions of the different roles, see [User Permissions By Role](user_permissions_by_role.md).
+
+## Create User Accounts
+	
+In database authentication mode, the Harbor system administrator creates user accounts manually. 
+
+1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
+1. Under **Administration**, go to **Users**.
+
+   ![Create user account](../../img/create_user.png)
+1. Click **New User**.
+1. Enter information about the new user.
+
+   ![Provide user information](../../img/new_user.png)
+
+   - The username must be unique in the Harbor system
+   - The email address is used for password recovery
+   - The password must contain at least 8 characters with 1 lowercase letter, 1 uppercase letter and 1 numeric character
+
+If users forget their password, there is a **Forgot Password** in the Harbor log in page.
+
+## Assigning the Administrator Role
+
+Harbor system administrators can assign the Harbor system administrator role to other users by selecting usernames and clicking Set as Administrator in the **Users** tab. 
+
+![browse project](../../img/new_set_admin_remove_user.png)
+
+To delete users, select a user and click `DELETE`. Deleting user is only supported under database authentication mode.

docs/harbor-doc-reorg/administration/managing_users/user_permissions_by_role.md

@@ -10,44 +10,49 @@ System admin have all permissions for the project.
 
 The following table depicts the various user permission levels in a project.
 
-| Action                                  | Guest | Developer | Master | Project Admin |
-| --------------------------------------- | ----- | --------- | ------ | ------------- |
-| See the porject configurations          | ✓     | ✓         | ✓      | ✓             |
-| Edit the project configurations         |       |           |        | ✓             |
-| See a list of project members           | ✓     | ✓         | ✓      | ✓             |
-| Create/edit/delete project members      |       |           |        | ✓             |
-| See a list of project logs              | ✓     | ✓         | ✓      | ✓             |
-| See a list of project replications      |       |           | ✓      | ✓             |
-| See a list of project replication jobs  |       |           |        | ✓             |
-| See a list of project labels            |       |           | ✓      | ✓             |
-| Create/edit/delete project lables       |       |           | ✓      | ✓             |
-| See a list of repositories              | ✓     | ✓         | ✓      | ✓             |
-| Create repositories                     |       | ✓         | ✓      | ✓             |
-| Edit/delete repositories                |       |           | ✓      | ✓             |
-| See a list of images                    | ✓     | ✓         | ✓      | ✓             |
-| Retag image                             | ✓     | ✓         | ✓      | ✓             |
-| Pull image                              | ✓     | ✓         | ✓      | ✓             |
-| Push image                              |       | ✓         | ✓      | ✓             |
-| Scan/delete image                       |       |           | ✓      | ✓             |
-| See a list of image vulnerabilities     | ✓     | ✓         | ✓      | ✓             |
-| See image build history                 | ✓     | ✓         | ✓      | ✓             |
-| Add/Remove labels of image              |       | ✓         | ✓      | ✓             |
-| See a list of helm charts               | ✓     | ✓         | ✓      | ✓             |
-| Download helm charts                    | ✓     | ✓         | ✓      | ✓             |
-| Upload helm charts                      |       | ✓         | ✓      | ✓             |
-| Delete helm charts                      |       |           | ✓      | ✓             |
-| See a list of helm chart versions       | ✓     | ✓         | ✓      | ✓             |
-| Download helm chart versions            | ✓     | ✓         | ✓      | ✓             |
-| Upload helm chart versions              |       | ✓         | ✓      | ✓             |
-| Delete helm chart versions              |       |           | ✓      | ✓             |
-| Add/Remove labels of helm chart version |       | ✓         | ✓      | ✓             |
-| See a list of project robots            |       |           | ✓      | ✓             |
-| Create/edit/delete project robots       |       |           |        | ✓             |
-| See configured CVE whitelist            | ✓     | ✓         | ✓      | ✓             |
-| Create/edit/remove CVE whitelist        |       |           |        | ✓             |
-| Enable/disable webhooks                 |       | ✓         | ✓      | ✓             |
-| Create/delete tag retention rules       |       | ✓         | ✓      | ✓             |
-| Enable/disable tag retention rules      |       | ✓         | ✓      | ✓             |
-| See project quotas                      | ✓     | ✓         | ✓      | ✓             |
-| Edit project quotas                     |       |           |        |               |
+| Action                                  | Limited Guest | Guest | Developer | Master | Project Admin |
+| --------------------------------------- | ------------- | ----- | --------- | ------ | ------------- |
+| See the project configurations          | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Edit the project configurations         |               |       |           |        | ✓             |
+| See a list of project members           |               | ✓     | ✓         | ✓      | ✓             |
+| Create/edit/delete project members      |               |       |           |        | ✓             |
+| See a list of project logs              |               | ✓     | ✓         | ✓      | ✓             |
+| See a list of project replications      |               |       |           | ✓      | ✓             |
+| See a list of project replication jobs  |               |       |           |        | ✓             |
+| See a list of project labels            |               |       |           | ✓      | ✓             |
+| Create/edit/delete project labels       |               |       |           | ✓      | ✓             |
+| See a list of repositories              | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Create repositories                     |               |       | ✓         | ✓      | ✓             |
+| Edit/delete repositories                |               |       |           | ✓      | ✓             |
+| See a list of images                    | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Retag image                             |               | ✓     | ✓         | ✓      | ✓             |
+| Pull image                              | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Push image                              |               |       | ✓         | ✓      | ✓             |
+| Scan/delete image                       |               |       |           | ✓      | ✓             |
+| Add scanners to Harbor                  |               |       |           |       |               |
+| Edit scanners in projects               |               |       |           |         | ✓             |
+| See a list of image vulnerabilities     | ✓             | ✓     | ✓         | ✓      | ✓             |
+| See image build history                 | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Add/Remove labels of image              |               |       | ✓         | ✓      | ✓             |
+| See a list of helm charts               | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Download helm charts                    | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Upload helm charts                      |               |       | ✓         | ✓      | ✓             |
+| Delete helm charts                      |               |       |           | ✓      | ✓             |
+| See a list of helm chart versions       | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Download helm chart versions            | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Upload helm chart versions              |               |       | ✓         | ✓      | ✓             |
+| Delete helm chart versions              |               |       |           | ✓      | ✓             |
+| Add/Remove labels of helm chart version |               |       | ✓         | ✓      | ✓             |
+| See a list of project robots            |               |       |           | ✓      | ✓             |
+| Create/edit/delete project robots       |               |       |           |        | ✓             |
+| See configured CVE whitelist            | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Create/edit/remove CVE whitelist        |               |       |           |        | ✓             |
+| Enable/disable webhooks                 |               |       | ✓         | ✓      | ✓             |
+| Create/delete tag retention rules       |               |       | ✓         | ✓      | ✓             |
+| Enable/disable tag retention rules      |               |       | ✓         | ✓      | ✓             |
+| Create/delete tag immutability rules       |               |       |          |       | ✓             |
+| Enable/disable tag immutability rules      |               |       |          |       | ✓             |
+| See project quotas                      | ✓             | ✓     | ✓         | ✓      | ✓             |
+| Edit project quotas  *                   |               |       |           |        |               |
 
+* Only the Harbor system administrator can edit project quotas and add new scanners.

docs/harbor-doc-reorg/administration/vulnerability_scanning/_index.md

@@ -1,9 +1,18 @@
-# Vulnerability Scanning with Clair 
+# Vulnerability Scanning
 
-**CAUTION: Clair is an optional component, please make sure you have already installed it in your Harbor instance before you go through this section.**
+Harbor provides static analysis of vulnerabilities in images through the open source [Clair](https://github.com/coreos/clair) project. 
 
-Static analysis of vulnerabilities is provided through open source project [Clair](https://github.com/coreos/clair). You can initiate scanning on a particular image, or on all images in Harbor. Additionally, you can also set a policy to scan all the images at a specified time everyday.
+**IMPORTANT**: Clair is an optional component. To be able to use Clair you must have enabled Clair when you installed your Harbor instance. 
 
+You can also connect Harbor to your own instance of Clair or to additional vulnerability scanners by using an interrogation service. You configure additional scanners in the Harbor interface, after you have installed Harbor. For the list of additional scanners that are currently supported, see the [Harbor Compatibility List](harbor_compatibility_list.md#scanner-adapters).
+
+It might be necessary to connect Harbor to other scanners for corporate compliance reasons, or because your organization already uses a particular scanner. Different scanners also use different vulnerability databases, capture different CVE sets, and apply different severity thresholds. By connecting Harbor to more than one vulnerability scanner, you broaden the scope of your protection against vulnerabilities.
+
+For information about installing Harbor with Clair, see the [Installation and Configuration Guide](installation_guide.md). 
+
+You can manually initiate scanning on a particular image, or on all images in Harbor. Additionally, you can also set a policy to automatically scan all of the images at specific intervals.
+
+- [Connect Harbor to Additional Vulnerability Scanners](pluggable_scanners.md)
 - [Scan an Individual Image](scan_individual_image.md)
 - [Scan All Images](scan_all_images.md)
 - [Schedule Scans](schedule_scans.md)
@@ -11,13 +20,11 @@ Static analysis of vulnerabilities is provided through open source project [Clai
 
 **Vulnerability metadata** 
 
-Clair depends on the vulnerability metadata to complete the analysis process. After the first initial installation, Clair will automatically start to update the metadata database from different vulnerability repositories. The updating process may take a while based on the data size and network connection. If the database has not been fully populated, there is a warning message at the footer of the repository datagrid view.
-![browse project](../../img/clair_not_ready.png)
+Vulnerability scanners depend on the vulnerability metadata to complete the analysis process. After the first initial installation, the vulnerability scanner automatically starts to update the metadata database from different vulnerability repositories. The database update might take a while, based on the data size and network connection. 
 
-The 'database not fully ready' warning message is also displayed in the **'Vulnerability'** tab of **'Configuration'** section under **'Administration'** for your awareness.
-![browse project](../../img/clair_not_ready2.png)
-
-Once the database is ready, an overall database updated timestamp will be shown in the **'Vulnerability'** tab of **'Configuration'** section under **'Administration'**. 
+Depending on the scanner that you use, once the database is ready, the timestamp of the last update is shown in the **Interrogation Services** > **Vulnerability** tab. Currently, only Clair and Anchore provide timestamp information.
 ![browse project](../../img/clair_ready.png)
 
+Until the database has been fully populated, the timestamp is replaced by a warning symbol. When the database is ready, you can scan images individually or scan all images across all projects.
+
 If your Harbor instance is not connected to the external internet, you must manually update the vulnerability metadata. For information about how to update Clair manually, see [Import Vulnerability Data to an Offline Harbor instance](import_vulnerability_data.md).

docs/harbor-doc-reorg/administration/vulnerability_scanning/configure_system_whitelist.md

@@ -1,6 +1,6 @@
 # Configure System-Wide CVE Whitelists
 
-When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning. 
+When you run vulnerability scans, images that are subject to Common Vulnerabilities and Exposures (CVE) are identified. According to the severity of the CVE and your security settings, these images might not be permitted to run. As a Harbor system administrator, you can create whitelists of CVEs to ignore during vulnerability scanning. 
 
 You can set a system-wide CVE whitelist or you can set CVE whitelists on a per-project basis. For information about per-project CVE whitelists, see [Configure a Per-Project CVE Whitelist](../../working_with_projects/configure_project_whitelist.md).
 
@@ -8,16 +8,16 @@ System-wide CVE whitelists apply to all of the projects in a Harbor instance.
 
 1. Go to **Configuration** > **System Settings**.
 1. Under **Deployment security**, click **Add**. 
-   ![System-wide CVE whitelist](../img/cve-whitelist1.png)
+   ![System-wide CVE whitelist](../../img/cve-whitelist1.png)
 1. Enter the list of CVE IDs to ignore during vulnerability scanning. 
-   ![Add system CVE whitelist](../img/cve-whitelist2.png)
+   ![Add system CVE whitelist](../../img/cve-whitelist2.png)
 
    Either use a comma-separated list or newlines to add multiple CVE IDs to the list.
 1. Click **Add** at the bottom of the window to add the list.
 1. Optionally uncheck the **Never expires** checkbox and use the calendar selector to set an expiry date for the whitelist.
-   ![Add system CVEs](../img/cve-whitelist3.png)
+   ![Add system CVEs](../../img/cve-whitelist3.png)
 1. Click **Save** at the bottom of the page to save your settings.
    
 After you have created a system whitelist, you can remove CVE IDs from the list by clicking the delete button next to it in the list. You can click **Add** to add more CVE IDs to the system whitelist.
 
-![Add and remove system CVEs](../img/cve-whitelist4.png)
+![Add and remove system CVEs](../../img/cve-whitelist4.png)

docs/harbor-doc-reorg/administration/vulnerability_scanning/pluggable_scanners.md

@@ -0,0 +1,28 @@
+#  Connect Harbor to Additional Vulnerability Scanners
+
+To connect Harbor to additional vulnerability scanners, you must install and configure an instance of the additional scanner according to the scanner vendor's requirements. The scanner must expose an API endpoint to allow Harbor to trigger the scan process or get reports. You can deploy multiple different scanners, and multiple instances of the same type of scanner.
+
+1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
+1. Expand **Administration**, and select **Interrogation Services**. 
+   ![Interrogation Services](../../img/interrogation-services.png)
+1. Click the **New Scanner** button.
+1. Enter the information to identify the scanner.
+   - A unique name for this scanner instance, to display in the Harbor interface.
+   - An optional description of this scanner instance.
+   - The address of the API endpoint that the scanner exposes to Harbor.
+   ![Add scanner](../../img/add-scanner.png)
+1. Select how to connect to the scanner from the **Authorization** drop-down menu.
+   ![Select scanner authentication method](../../img/scanner-auth.png)
+   - **None**: The scanner allows all connections without any security.
+   - **Basic**: Enter a username and password for an account that can connect to the scanner.
+   - **Bearer**: Paste the contents of a bearer token in the **Token** text box.
+   - **APIKey**: Paste the contents of an API key for the scanner in the **APIKey** text box.
+1. Optionally select **Skip certificate verification** if the scanner uses a self-signed or untrusted certificate. 
+1. Optionally select **Use internal registry address** if the scanner should connect to Harbor using an internal network address rather than its external URL.
+
+   **NOTE**: To use this option, the scanner must be deployed in a network that allows the scanner to reach Harbor via Harbor's internal network.
+1. Click **Test Connection** to make sure that Harbor can connect successfully to the scanner. 
+   ![Test scanner connection](../../img/test-scanner-connection.png)
+1. Click **Add** to connect Harbor to the scanner.
+1. Optionally repeat the procedure to add more scanners.
+1. If you configure multiple scanners, select one and click **Set as Default** to designate it as the default scanner.

docs/harbor-doc-reorg/administration/vulnerability_scanning/scan_all_images.md

@@ -1,9 +1,11 @@
 # Scan All Images
 
-In the **'Vulnerability'** tab of **'Configuration'** section under **'Administration'**, click on the **'SCAN NOW'** button to start the analysis process for all the existing images. 
+In addition to scanning individual images in projects, you can run global scans on all of the images in a Harbor instance, across all projects.
 
-**NOTES: The scanning process is executed via multiple concurrent asynchronous tasks. There is no guarantee on the order of scanning or the returned results.** 
-![browse project](../../img/scan_all.png)
+1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
+1. Expand **Administration**, and select **Interrogation Services**. 
+1. Select the **Vulnerability** tab and click **Scan Now** to scan all of the images in all projects.
 
-To avoid frequently triggering the resource intensive scanning process, the availability of the button is restricted. It can be only triggered once in a predefined period. The next available time will be displayed besides the button.
-![browse project](../../img/scan_all2.png)
+   ![Scan all images](../../img/scan_all.png)
+   
+Scanning requires intensive resource consumption. If scanning is in progress, the **Scan Now** button is unavailable.

docs/harbor-doc-reorg/administration/vulnerability_scanning/scan_individual_image.md

@@ -1,32 +1,49 @@
-# Scan an Individual Image
+# Scan Individual Images
 
-Enter your project, select the repository. For each tag there will be an 'Vulnerability' column to display vulnerability scanning status and related information. You can select the image and click the "SCAN" button to trigger the vulnerability scan process. 
-![browse project](../../img/scan_image.png)
-**NOTES: Only the users with 'Project Admin' role have the privilege to launch the analysis process.**
+1. Log in to the Harbor interface with an account that has at least project administrator privileges.
+1. Go to **Projects** and select a project. 
+1. Select the **Scanner** tab.
+
+   The **Scanner** tab shows the details of the scanner that is currently set as the scanner to use for this project.
+   
+   ![Project scanner tab](../../img/project-scanners.png)
+1. Click **Edit** to select a different scanner from the list of scanners that are connected to this Harbor instance, and click **OK**.
+
+   ![Project scanner tab](../../img/select-scanner.png)
+   
+   **NOTE**: If you have selected the **Prevent vulnerable images from running** option in the project **Configuration** tab, the prevention of pulling vulnerable images is determined by the scanner that is set in the project, or by the global default scanner if no scanner is configured specifically for the project. Different scanners might apply different levels of severity to image vulnerabilities.
+1. Select the **Repositories** tab and select a repository.
+
+   For each tag in the repository, the **Vulnerabilities** column displays the vulnerability scanning status and related information.
+   
+   ![Tag vulnerability status](../../img/tag-vulnerability-status.png)
+1. Select a tag, or use the check box at the top to select all tags in the repository, and click the **Scan** button to run the vulnerability scan on this image.
+
+   ![Scan an image](../../img/scan_image.png)
+
+   **NOTE**: You can start a scan at any time, unless the status is **Queued** or **Scanning**. If the database has not been fully populated, you should not run a scan. The following statuses are displayed in the **Vulnerabilities** column:
    
-The analysis process may have the following status that are indicated in the 'Vulnerability' column:
    * **Not Scanned:** The tag has never been scanned.
-* **Queued:** The scanning task is scheduled but not executed yet.
-* **Scanning:** The scanning process is in progress.
-* **Error:** The scanning process failed to complete.
-* **Complete:** The scanning process was successfully completed.
+   * **Queued:** The scanning task is scheduled but has not run yet.
+   * **Scanning:** The scanning task is in progress and a progress bar is displayed.
+   * **View log:** The scanning task failed to complete. Click **View Log** link to view the related logs.
+   * **Complete:** The scanning task completed successfully.
 
-For the **'Not Scanned'** and **'Queued'** statuses, a text label with status information is shown. For the **'Scanning'**, a progress bar will be displayed.
-If an error occurred, you can click on the **'View Log'** link to view the related logs.
-![browse project](../../img/log_viewer.png)
+   If the process completes successfully, the result indicates the overall severity level, with the total number of vulnerabilities found for each severity level, and the number of fixable vulnerabilities.
 
-If the process was successfully completed, a result bar is created. The width of the different colored sections indicates the percentage of features with vulnerabilities for a particular severity level.
-* **Red:** **High** level of vulnerabilities
-* **Orange:** **Medium** level of vulnerabilities
-* **Yellow:** **Low** level of vulnerabilities
-* **Grey:** **Unknown** level of vulnerabilities
-* **Green:** **No** vulnerabilities
-![browse project](../../img/bar_chart.png)
+   ![Scan result](../../img/scan-result.png)
 
-Move the cursor over the bar, a tooltip with summary report will be displayed. Besides showing the total number of features with vulnerabilities and the total number of features in the scanned image tag, the report also lists the counts of features with vulnerabilities of different severity levels. The completion time of the last analysis process is shown at the bottom of the tooltip.
-![browse project](../../img/summary_tooltip.png)
+   * **Red:** At least one critical vulnerability found
+   * **Orange:** At least one high level vulnerability found
+   * **Yellow:** At least one medium level vulnerability found
+   * **Blue:** At least one low level vulnerability found
+   * **Green:** No vulnerabilities found
+   * **Grey:** Unknown vulnerabilities
+1. Hover over the number of fixable vulnerabilities to see a summary of the vulnerability report. 
 
-Click on the tag name link, the detail page will be opened. Besides the information about the tag, all the vulnerabilities found in the last analysis process will be listed with the related information. You can order or filter the list by columns.
-![browse project](../../img/tag_detail.png)
+   ![Vulnerability summary](../../img/vulnerability-summary.png)
+1. Click on the tag name to see a detailed vulnerability report.
  
-**NOTES: You can initiate the vulnerability analysis for a tag at anytime you want as long as the status is not 'Queued' or 'Scanning'.** 
+  ![Vulnerability report](../../img/tag_detail.png)
+  
+   In addition to information about the tag, all of the vulnerabilities found in the last scan are listed. You can order or filter the list by the different columns. You can also click **Scan** in the report page to run a scan on this image tag.

docs/harbor-doc-reorg/administration/vulnerability_scanning/schedule_scans.md

@@ -1,8 +1,17 @@
 # Schedule Scans
 
-You can set policies to control the vulnerability analysis process. Currently, two options are available:
-* **None:** No policy is selected.
-* **Daily:** Policy is activated daily. It means an analysis job is scheduled to be executed at the specified time everyday. The scheduled job will scan all the images in Harbor.
+You can set policies to control when vulnerability scanning should run.
+
+1. Log in to the Harbor interface with an account that has Harbor system administrator privileges.
+1. Expand **Administration**, and select **Interrogation Services**. 
+1. Select the **Vulnerability** tab and click the **Edit** button next to **Schedule to scan all**.  
+1. Use the drop down-menu to select how often to run scans.
+
    ![browse project](../../img/scan_policy.png)
    
-**NOTES: Once the scheduled job is executed, the completion time of scanning all images will be updated accordingly. Please be aware that the completion time of the images may be different because the execution of analysis for each image may be carried out at different time.**
+   * **None**: No scans are scheduled.
+   * **Hourly**: Run a scan at the beginning of every hour.
+   * **Daily**: Run a scan at midnight every day.
+   * **Weekly**: Run a scan at midnight every Saturday.
+   * **Custom**: Run a scan according to a `cron` job.
+1. Click **Save**.

docs/harbor-doc-reorg/img/bell-outline-badged.svg

@@ -1,5 +0,0 @@
-<svg version="1.1" width="36" height="36"  viewBox="0 0 36 36" preserveAspectRatio="xMidYMid meet" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-    <title>bell-outline-badged</title>
-    <path class="clr-i-outline--badged clr-i-outline-path-1--badged" d="M18,34.28A2.67,2.67,0,0,0,20.58,32H15.32A2.67,2.67,0,0,0,18,34.28Z"></path><path class="clr-i-outline--badged clr-i-outline-path-2--badged" d="M32.51,27.83A14.4,14.4,0,0,1,30,24.9a12.63,12.63,0,0,1-1.35-4.81V15.15a10.92,10.92,0,0,0-.16-1.79,7.44,7.44,0,0,1-2.24-.84,8.89,8.89,0,0,1,.4,2.64v4.94a14.24,14.24,0,0,0,1.65,5.85,16.17,16.17,0,0,0,2.44,3H5.13a16.17,16.17,0,0,0,2.44-3,14.24,14.24,0,0,0,1.65-5.85V15.15A8.8,8.8,0,0,1,18,6.31a8.61,8.61,0,0,1,4.76,1.44A7.49,7.49,0,0,1,22.5,6c0-.21,0-.42,0-.63a10.58,10.58,0,0,0-3.32-1V3.11a1.33,1.33,0,1,0-2.67,0V4.42A10.81,10.81,0,0,0,7.21,15.15v4.94A12.63,12.63,0,0,1,5.86,24.9a14.4,14.4,0,0,1-2.47,2.93,1,1,0,0,0-.34.75v1.36a1,1,0,0,0,1,1h27.8a1,1,0,0,0,1-1V28.58A1,1,0,0,0,32.51,27.83Z"></path><circle class="clr-i-outline--badged clr-i-outline-path-1--badged clr-i-badge" cx="30" cy="6" r="5"></circle>
-    <rect x="0" y="0" width="36" height="36" fill-opacity="0"/>
-</svg>