Feature Requests

Require a REST API that could get us the SBOM score for the specified artifact.

I need a way to restrict the use of secrets in pipelines. Examples of restrictions: secrets in this secret manager can only be used against the production environment these secrets can only be used by an account level template Current OPA policy is not sufficient to enforce these restrictions. For example: a pipeline is created that use queries the secret but uses a variable to hold the secret id, <+secrets.getValue(<+variables.foobar>)>. Current OPA policies on pipeline would see the variable expression and not the actual ID. This makes it hard to restrict access to certain secrets without being overly restrictive that prevents other valid use cases. Policy needs the following information: secret ID being accessed secret manager where secret is stored pipeline that is trying to access secret step hierarchy of step trying to access Environment and infrastructure being used for custom and deploy stages service and overrides being used for deploy stage what resource is the secret access defined in

Required support for S3 Encryption while uploading cache dependency packages to S3 Bucket for cache intelligence in CI pipeline. Please provide s3 encryption support when we upload any packages for dependency in s3 bucket. Currently we are getting error for encryption policy that we have enforced for our s3 bucket and after removing that policy we are able to push packages to S3 bucket.

CD containerized group step only supports kubernetes. The request would be to have this orchestrated on a VMs

Harness uses "Environments" to define the environment to which a pipeline deploys, and uses "Connectors" to integrate with external secrets managers (like HashiCorp Vault). The connector is essentially the "identity" that interacts with the external secrets manager, and can be configured at the account, organization, or project level. Enterprise organizations require the isolation of environments, like keeping production isolated from integration or development environments, including secrets. Therefore, secrets managers require the ability to ensure access to production secrets are only provided to production workloads/pipelines. However, connectors cannot be tied to environments and the environment cannot be exposed to the secrets manager. For example, let's review a JWT integration with HashiCorp Vault. The connector can be configured at the account, organization, or project level, with the number of JWT claims and detail increasing at each level. This is an example JWT of a connector created at the project level: { "sub": "account/ABC123DEF456:org/MyAppOrg:project/MyAppProject", "iss": " https://app.harness.io/ng/api/oidc/account/ABC123DEF456 ", "aud": "harness", "exp": 1749488567, "iat": 1749484967, "account_id": "ABC123DEF456", "organization_id": "MyAppOrg", "project_id": "MyAppProject", "connector_id": "project_hashi_connector", "connector_name": "project_hashi_connector", "context": "CONNECTOR" } This JWT is all the secrets manager, HashiCorp Vault in this example, receives to identify/authenticate the connection looking to retrieve secrets. The same account/org/project is used to deploy to production, integration testing, and development. Therefore, the sub, account_id, organization_id, and project_id claims cannot be used to determine whether the requestor should be provided production, integration testing, or development secrets. Please provide a way to expose the environment to an external secrets manager so that proper secrets governance/controls can be applied by the secrets manager.

Hi Harness Team, I’ve implemented rollback stages in our CD pipeline and am currently working on enhancing the notification stage. Specifically, I want to dynamically include the name of the failed stage in the notification content. To achieve this, I attempted to use the expression <+pipeline.stages.<stageName>.status> within the HTML body of the notification. However, it does not seem to retrieve the failed stage name during rollback. Based on our findings, it appears that enabling the CDS_ALLOW_EXPRESSION_RESOLUTION_PIPELINE_ROLLBACK feature flag is necessary for this functionality to work as expected. I kindly request that this feature flag be enabled for our account. Thank you for your support! Best regards, Sagar Shelki

Hi Harness Team, I’ve implemented rollback stages in our CD pipeline and am currently working on enhancing the notification stage. Specifically, I want to dynamically include the name of the failed stage in the notification content. To achieve this, I attempted to use the expression <+pipeline.stages.<stageName>.status> within the HTML body of the notification. However, it does not seem to retrieve the failed stage name during rollback. Based on our findings, it appears that enabling the CDS_ALLOW_EXPRESSION_RESOLUTION_PIPELINE_ROLLBACK feature flag is necessary for this functionality to work as expected. I kindly request that this feature flag be enabled for our account. Thank you for your support! Best regards, Sagar Shelki

The banner on harness UI comes by default with dismissible option. Since one of our banner is highly important. There shouldn't be any way that it can get dismissed by user

Hi, we use input as our version that gets released. Trigger passes the value to input and that is used to get artifact for ecs or lambda deployment. When we go to the execution history, its a very basic requirements for us to see what we have just deployed, what was the release/input. Can we please add the value of the input on the execution history view? Can we please also add the last execution input on the pipeline view?

We should be able to run IaCM pipelines on our VM infrastructure. This is needed because many of our services that provide secrets and source code are located on-prem.