Restricting Harness Cloud to Pvt Registries
pending feedback
Venetian yellow Caribou
Being on Cloud, while building Docker images, teams tend to pull packages from third-party sources, and we would like to restrict them. Usually in our environment we control this by restricting the egress; we would like to find a similar way in Harness Cloud CI to restrict users from pulling packages from third-party sources.
Nofar Bluestein
pending feedback
Hey,
You can enforce restrictions on pulling third-party packages in Harness Cloud CI by implementing a required setup step that modifies machine settings and using OPA policies to ensure compliance.
The setup step should run early in the pipeline to configure network settings and restrict egress traffic, preventing access to unauthorized package sources. To enforce this, an OPA policy can be applied to scan pipeline definitions and block execution if the required step is missing or altered. This ensures that all builds adhere to network restrictions and eliminates the risk of unauthorized dependencies being pulled.
Would that be helpful?
Regards,
Nofar Bluestein
CI Product team
Nofar Bluestein
under review
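A sketch of the OPA policy described in the reply above, as an added example that is not part of the original thread or Harness's own code. It is written in the older `deny[msg] { ... }` Rego style; the step identifier `restrict_egress`, the script path and the registry host are constructed placeholders, and the input shape (`input.pipeline.stages[_].stage.spec.execution.steps`) is assumed to mirror the pipeline YAML.

```rego
package pipeline

# Assumed values: identifier and exact command of the approved egress setup step.
required_id := "restrict_egress"
required_command := "sudo /opt/ci/restrict-egress.sh --allow registry.internal.example"

# Every CI (build) stage in the pipeline being evaluated.
ci_stages[stage] {
    stage := input.pipeline.stages[_].stage
    stage.type == "CI"
}

# First entry of the stage's step list. Undefined when the list is empty or the
# first entry is a parallel block or step group, so those cases fail closed.
first_step(stage) = step {
    step := stage.spec.execution.steps[0].step
}

first_is_required(stage) {
    first_step(stage).identifier == required_id
}

# The step counts as unaltered only if it is a Run step with the approved
# command and no conditional-execution block that could skip it.
unaltered(step) {
    step.type == "Run"
    trim_space(step.spec.command) == required_command
    not step.when
}

# Missing or misplaced: the setup step must run before anything else.
deny[msg] {
    ci_stages[stage]
    not first_is_required(stage)
    msg := sprintf("stage '%s': first step must be '%s'", [stage.identifier, required_id])
}

# Present but altered: wrong step type, edited command, or made conditional.
deny[msg] {
    ci_stages[stage]
    step := first_step(stage)
    step.identifier == required_id
    not unaltered(step)
    msg := sprintf("stage '%s': step '%s' differs from the approved definition", [stage.identifier, required_id])
}
```

A policy like this only proves the step is present in the pipeline definition; whether egress is actually blocked still depends on what the script does on the build machine.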