Support for AquaSec Assurance Policies | Feature Requests | harness

Support for AquaSec Assurance Policies

complete

Tight Swordfish

Aquasec has support for assurance policies within their platform which define what issues will be accepted, and what will cause a build to fail. Currently harness only allows us to fail a build on a particular severity, but we would like to be able to select a policy which manages the failures.

January 23, 2024

Pritesh Chandaliya

marked this post as

complete

Pritesh Chandaliya

We will be releasing a workaround for supporting the AquaSec assurance policy (and any scanner for that reason) which provides the policy results. We will expose a field called as "EXERNAL_POLICY_FAILURE" in the O/P variable. Users can create an OPA policy to fail/warn the pipeline based on the value of the field exposed.
To be clear, we will not expose policy details from the scanner but just a pass/fail flag to decide for the users to block the pipeline based on 3rd party scanners. We recommend customers to create OPA (harness) policies based on any STO normalized fields as per their convenience. Please let me know if any more questions.  
This feature will be available by the end of March, 2024. Thanks!