Summary:
We have detected an uncontrolled and rapid growth in our PostgreSQL database. Through our monitoring probes, we identified that the issue started around May 21, 2026. The report_vulnerability_record table is the main driver of this growth. While our database historically maintained a stable size of approximately 16 GB, it has been increasing by roughly 6 GB per day since May 21, recently reaching 96 GB.
Observed Behavior:
The database growth is strictly correlated with the execution time of the Trivy vulnerability scan cron jobs. This scan configuration has been in place long before May 21, and there has been no significant increase in the number of images stored in Harbor that would justify such an exponential data influx.
Note: We performed a routine upgrade from Harbor 2.12.4 to 2.13.5 on May 26, 2026, as part of our standard maintenance policy. This upgrade was unrelated to the issue and has not resolved the behavior.
Expected Behavior:
The database size should remain stable (around 16 GB), consistent with previous usage patterns, despite the frequency of Trivy scans.
Actual Behavior:
The database has grown to over 96 GB, with the report_vulnerability_record table accounting for 87 GB.
Database Statistics:
table_name | pg_size_pretty | pg_total_relation_size
-----------------------------+----------------+------------------------
report_vulnerability_record | 87 GB | 93823598592
Versions:
- Harbor version: [2.12.4 -> 2.13.5]
- Docker engine version: [24.0.5]
- Docker-compose version: [2.20.2]
- External Redis: [6.2.20]
- External PostgreSQL: [13.10]
Additional Context:
This issue seems related to the following reported issue: #17927
Summary:
We have detected an uncontrolled and rapid growth in our PostgreSQL database. Through our monitoring probes, we identified that the issue started around May 21, 2026. The
report_vulnerability_recordtable is the main driver of this growth. While our database historically maintained a stable size of approximately 16 GB, it has been increasing by roughly 6 GB per day since May 21, recently reaching 96 GB.Observed Behavior:
The database growth is strictly correlated with the execution time of the Trivy vulnerability scan cron jobs. This scan configuration has been in place long before May 21, and there has been no significant increase in the number of images stored in Harbor that would justify such an exponential data influx.
Note: We performed a routine upgrade from Harbor 2.12.4 to 2.13.5 on May 26, 2026, as part of our standard maintenance policy. This upgrade was unrelated to the issue and has not resolved the behavior.
Expected Behavior:
The database size should remain stable (around 16 GB), consistent with previous usage patterns, despite the frequency of Trivy scans.
Actual Behavior:
The database has grown to over 96 GB, with the
report_vulnerability_recordtable accounting for 87 GB.Database Statistics:
Versions:
Additional Context:
This issue seems related to the following reported issue: #17927