Provide API Endpoint to Modify SCS License Family & Indirect/Direct Dependencies According to Firm Standards
pending feedback
Rubber Scallop
Request a Harness-supported API endpoint that allows authorized automation to update an SCS license family and manage direct and indirect dependency relationships in a way that is compliant with internal firm standards (e.g., governance, auditability, RBAC, validation, and change controls).
Without an API:
- Changes are manual, inconsistent, and hard to govern
- We cannot enforce required approval, validation, or audit controls
- Dependency graph correctness drifts, increasing operational and compliance risk
Pranay Shah marked this post as pending feedback
Pranay Shah
Hi,
- For the first point, to reconfirm, you’re looking for an API to manage and update license family classification at the Account/Org level, so that the mapping reflects correctly in the Harness UI.
- For the second point, I want to make sure I’m understanding correctly. You mentioned that internally built packages are visible in the UI, but also that they are not being shown - could you clarify which of these is the current behaviour?
Regarding OSS risk visibility: today, OSS risk signals are derived from public package intelligence sources. For internally built packages, we typically won’t have corresponding data in public sources, which is why OSS risk fields may appear blank. I would like to know if you use any SCA tools in your org that surface risks/vulns for internal packages?
Rubber Scallop
Hi Pranay Shah
Yes to the first point.
Second point - in the screenshot, you can see the name of the internal package, Moneta Boot Config, but the OSS Risks is blank. We would like a way to update the OSS Risk for the internal package.
Pranay Shah
Rubber Scallop: So if I understand it right, you need an API to manually update the risk for your internal packages?
What would be the different OSS risk values that you would like to provide?
Rubber Scallop
The first API is for managing SCS family content and transforming the data to our internal family classification so it displays in Harness UI.
The second API or solution is for internally built firm packages that Harness UI does display, but the OSS Risks and Dependencies are not shown in the Harness UI.
- We would like to display the OSS Risks status (similar to what exists) in the Harness UI. At the moment, the OSS Risks show up as blank.
- Additionally, the internally built firm packages and their dependencies are not being shown. We would like for SCS and the Harness UI to capture and show this data.
Pranay Shah marked this post as under review