drop harbor audit log · parse image push/pull/scan events · timeline + findings + actor inventory · runs locally
flags robot account token abuse · vulnerability scan dismissals · project member grants · admin changes · destructive ops
heuristic screener · harbor audit schema varies by version · field mapping is best-effort · parses artifacts locally · not definitive proof