Feature Requests

United Airlines would like to request support for tag-based enforcement on Input Sets and Triggers using OPA policies. Today, OPA can evaluate pipeline-level metadata, but tags applied directly to Input Sets and Triggers are not exposed in the policy payload. Enabling this capability would allow us to enforce governance rules such as restricting which input sets can be used for certain deployments, validating trigger categorization, and ensuring consistent tagging practices across teams. This enhancement would significantly strengthen governance, compliance, and automation within our pipelines.

We had some governance demands, one of which is the mandatory use of stable versions of templates. Tried to implement an OPA Policy, however, when the template is set as stable, this information isn't displayed in the YAML. I believe it should be in some metadata. Also tried using some functions, but none of the options managed to retrieve the data from the backend. There's also no option to do this via the UI. We need a way for a OPA Policy to force the user to use only the stable version of the templates, is it possible?

Right now, the payload coming out of an outgoing audit log webhook from Harness FME tracking feature flag changes includes one field to identify a user called editor, but it is just the full name of the user with a .replace(' ', '').toLower() on it. e.g. John Richard Doe becomes johnricharddoe This makes it hard to use/make sense of programmatically. Could we get a feature enhancement that preferably includes the editor's email address, and/or the editor's full name?

Summary Users would like the ability to configure parameterized (SpEL-based) payload contents for the embedded artifact used in the Lambda Invoke stage directly from the UI, without needing to edit the stage JSON. Current Behavior Today, when a Lambda Invoke stage needs to send a payload generated from pipeline parameters, users must manually modify the stage JSON to embed something like: "payloadArtifact": { "account": "embedded-artifact", "artifact": { "artifactAccount": "embedded-artifact", "id": "685c650f-b852-4ec6-ab49-98926961f216", "reference": "${#toBase64('{\"first_name\": \"' + parameters.name + '\", \"last_name\": \"' + parameters.functionName + '\"}')}", "type": "embedded/base64" } } Even using an Evaluate Variables stage doesn’t avoid the need to edit JSON, since the user still has to manually wire the artifact reference inside the stage config. Requested Enhancement Add a UI-level capability to: Create or edit an embedded artifact payload directly in a text/JSON editor field within the Lambda Invoke stage. Allow users to include SpEL expressions and pipeline parameters in that payload (e.g., ${ parameters.name } or #toBase64(...)). Automatically handle encoding (base64 or otherwise) and artifact creation behind the scenes, without requiring users to interact with the raw stage JSON. Value / Rationale Eliminates the need for advanced JSON editing, reducing user friction and error rates. Makes parameterized Lambda payloads more accessible to non-expert users. Aligns with the UI-driven configuration approach used in other stages. Customer Quote “Expectation is to be able to configure parameterized contents directly from the UI, instead of editing the stage JSON.”

As discussed with Andrew Spangler and Julia Zinger, submitting this feature request pertaining to Harness CD & GitOps module. We use Argo CD, GitOps Agent and delegate images currently at Box. Our requirement is , for Harness to provision customer internal certificates to be installed on the STIG compliant images and share hardened images with customer. Box wants to use the hardened image with needed certs installed 'as is' , than modifying the images to install internal certificates. This requirement comes from our security, legal and compliance team for STIG compliance. We need this feature by end of Jan, 26. Please include the same in product roadmap.

Would like the option to automatically disable webhook triggers if the trigger failed x amount of times.

Team, Currently we don't have a way to enforce OPA policy only on newly created pipeline. When trying to enforce the policy using "on Save", this gone a impact even the existing pipelines. As there is no pipeline creation time available from YAML, its hard to differentiate new vs old from a particular day of this policy implementation. FYI As suggested by support team ( https://support.harness.io/hc/en-us/requests/98558 ) raising this feature request and are requesting to have prioritize.

We would like to submit a feature enhancement request regarding the artifact download experience in the Harness Artifact Registry UI. Currently, the Artifact Details section provides a Download button next to each file for non-OCI artifacts. However, when an artifact version contains multiple files, we can only download them individually. There is no option to download all files together as a single archived package. Our Feature Request: Please add a Download option at the artifact version level, allowing users to download all associated files in one go (e.g., as a ZIP or tar archive). This would significantly streamline the workflow, especially for artifacts containing multiple files.

Kubernetes 1.33 introduced the options for pods to run in user namespaces [1]. With user namespaces, Kubernetes can remap the UID and GID of the pod within its own namespace, ensuring that it runs as an unprivileged user on the host. This greatly enhances the security of your workloads. For Harness builds running on kubernetes infrastructure, allowing those pods to run in user namespaces will allow to harden security by improving process isolation and reducing the risk of lateral movement attacks. [1] https://www.cncf.io/blog/2025/07/16/securing-kubernetes-1-33-pods-the-impact-of-user-namespace-isolation/

Currently there is no way to provide the encoding, eg utf-8-sig to auto handle encoded files. This results in scenarios where Byte Order Marker also gets printed while accessing the content using <+configFile.getAsString("encrypted")> This enhancement request is for having the ability to provide encoding information of the file as well and handle above scenarios so that correct content can be fetched without post processing it.