Feature Requests

As a potential workaround to https://ideas.harness.io/feature-request/p/enable-wiz-native-scanning-w-sto-in-cd-custom-stages , which is asking for a native STO Ingest Step in the Deploy Stage, it was suggested that it might be easier to make the STO ingest Step available in the Container Step Group. This is untested, so this request is to determine feasibility and ETA if possible.

Our Vault is hosted on prem, and secure connect is needed to access it, but we don't see secure connect as an option on the connector

We are using many layers of templates and need to set up webhooks to prevent slowness. Currently there is no way to create a webhook in Harness unless the connector set on the webhook has permission to create the webhook in our GitLab instance. Our GitLab cannot connect directly to Harness, and we do not want webhooks to stack up that will be creating errors in our GitLab instance. We will be using an intermediary service to relay the webhooks from GitLab into Harness. So the ideal solution is a toggle that will allow us to create the webhook on the Harness end, but not attempt to create the webhook inside of GitLab.

Values for privileged and allowPrivilegeEscalation on k8s build infra are not set unless enabled and disabled for the containerised step group. The user have to deliberately make the config changes to mark the privileged and allowPrivilegeEscalation as false. It should be taken as false if the config is not checkmarked at first.

Gathering data from steps to pass from stage to stage can be confusing for developers consuming templates. An ability to pass this information into a stage level output similar to how stage variables work for input would be extremely useful. An example could be a complex stage which includes build of a container image could pass the full image path and separately pass the registry, image name, tag and SHA so these are more easily passed into the deploy stage for selection of the image to deploy.

For some reason it seems like deployment type templates are not supported by the move to git operation. Support suggested we get an enhancement request open to get this supported. Technically there's ways to do this by modifying the YAML directly, but we would like this supported natively.

While updating the AWS Lambda Function Code, could you please remove the lambda:updateConfiguration permission dependency which is required to be attached to the arn, when we pass the configuration details in manifest then only Harness should look for lambda:updateConfiguration permission, but now if I am trying to update only lambda function code it is expecting to have lambda:updateConfiguration which is not required.

We have a requirement where we would like for GitOps pipelines to not execute if an existing execution is already running with the same inputs. We don't want queueing. We want it to just not run when matching inputs (service and env) are provided.

BuildX requires a buildkit.toml file to be included for certs. This does not get auto-generated by Harness so users will need to add extra steps in their pipeline to generate this file. We'd like for Harness to auto-generate this file based on the certificates we have mounted in the CI Pod.

Many teams use not only CI when deploying infrastructure, and we need to enable (and enforce via OPA) teams to scan their IAC before deploying. Currently there is no way to perform Wiz Native scanning or using Custom Scan Ingestion steps (two different solutions) within CD or Custom Stages. We need teams to be able to view their vulnerabilities regardless of the stage they are deploying.