Feature Requests

Please enable Testing Intelligence module to support pytest 9.x.

plugins/cache plugins/sto plugins/s3

Currently, Harness provides a single Docker plugin that can be configured for: Build and Push Build Only Push Only This is controlled through environment variables. However, when integrating a container scanning step (e.g., Prisma), the workflow becomes cumbersome because we need to: Use one Docker plugin for Build Only Use a separate Docker plugin for Push Only Add a third plugin for Scan This results in multiple steps and plugins, making the pipeline less intuitive and harder to manage visually. Feature Request: Introduce a unified Docker plugin that supports: Build Scan Push …all within a single plugin configuration via the Harness UI (Visual View). This would allow users to: Configure scanning tools (like Prisma) directly within the same plugin. Reduce pipeline complexity and improve maintainability. Provide a more streamlined experience for container lifecycle management. Why This Matters: Simplifies pipeline design. Reduces the number of plugins and steps required. Improves usability for teams adopting container security best practices.

Hi Team, Please enable the following feature flag CI_ENABLE_MULTILINE_OUTPUTS_SECRETS. Thank you for your support.

Problem In Harness CI, each step creates its own ephemeral container even when multiple steps use the same image. This increases build time, image pull overhead, pod/container churn, and Kubernetes load. Many pipelines naturally group related steps (e.g., build + test in the same toolchain), but Harness cannot currently express “reuse this container across steps”. This differs from established patterns in Jenkins, Tekton, and other K8s-based CI systems. ⸻ Proposal (Opt-In) Introduce an optional stage-level feature that allows users to: 1. Define named containers in the stage (e.g., build, node, tools). 2. Assign steps to those containers via a simple container: <name> field. 3. Harness initialises each named container once per pod, and runs all referencing steps inside it sequentially. 4. Default behaviour (one container per step) remains unchanged for users who want strict isolation. ⸻ Value • Performance: avoids repeated container startup and image checks; reduces CI latency. • Efficiency: lowers registry traffic and node/kubelet workload; improves cluster utilisation. • Better modelling: aligns with how teams naturally structure pipelines and with patterns from other CI systems. • Safe & incremental: fully optional; no breaking changes; ideal for advanced users who want faster pipelines. ⸻ Example YAML the spec section could be updated to hold the pod spec before the steps. Something like stage: name: Full SDLC Validation type: CI spec: Opt-in: define shared, named containers once per stage pod: containers: Build & test toolchain - name: build image: maven:3.9-eclipse-temurin-21 could mount a cache volume here in future Image build toolchain (e.g. Kaniko / BuildKit / Docker CLI wrapper) - name: image-builder image: gcr.io/kaniko-project/executor:latest Security tools (SCA, image scan, SBOM) - name: security image: aquasec/trivy:latest steps: 1) Compile + unit test (classic inner-loop) - name: compile-and-unit-tests container: build command: mvn -B clean verify 2) Static analysis / linting using Maven plugins - name: static-analysis container: build command: mvn -B spotbugs:check checkstyle:check 3) Package JAR / artefacts (if not already from previous goal) - name: package-artifacts container: build command: mvn -B package 4) Build container image from Dockerfile using dedicated image builder - name: build-container-image container: image-builder command: > /kaniko/executor --dockerfile=Dockerfile --context=. --destination=registry.example.com/my-team/my-service:${HARNESS_BUILD_ID} 5) Image security scan & SBOM generation - name: security-scan-and-sbom container: security command: > trivy image --scanners vuln,secret,config --format sarif --output trivy-report.sarif registry.example.com/my-team/my-service:${HARNESS_BUILD_ID} 6) Contract/integration tests against the built image or a test deployment - name: contract-tests container: build command: mvn -B -Pintegration-test verify

Bitbucket’s Required builds merge-check expects the build status payload to include a parent field that exactly matches the required-build key configured in the repo. Harness does not set this field by default, which is why the check isn’t being satisfied even though the build shows successful. Please add the parent field while sending the build status so that the required build merge checks can detect it.

The Problem When using Kubernetes-based CI builds, pod YAML specifications can exceed GKE's 1.5MiB etcd limit, causing pipeline failures with "etcdserver: request is too large" errors. Currently, these failures are only discovered at runtime when Kubernetes rejects the pod specification. There is no way to proactively validate or prevent this before execution. We appreciate the recent CI_COMMON_ENV_POD optimization (delegate 25.11.87300) which helps reduce pod size, but this does not provide visibility or governance controls to prevent future breaches. What We Need A proactive validation mechanism that: Calculates pod YAML size before execution - Estimate the pod specification size before submitting to Kubernetes Provides configurable thresholds - Allow administrators to set size limits at account, project, or stage levels Supports warning and fail behaviors - Option to warn when approaching limits or fail fast before Kubernetes rejection Offers visibility - Display pod size in execution logs for troubleshooting and template governance Use Case Platform teams managing CI/CD templates need to validate that adding new stages, security scanning steps, or template changes won't breach etcd limits before releasing to production. Currently, this is trial-and-error through runtime failures, impacting developer productivity and release velocity. Business Value Shifts from reactive incident response to proactive prevention Enables safe evolution of CI templates without risk of platform-wide failures Reduces failed builds and investigation time for development teams Applicable to any enterprise customer using Kubernetes-based CI infrastructure

Our container registry is immutable. We would like an option for BuildAndPushGAR to not push when image is already exist

Many reports such as coverage, linters, unit tests from various languages, etc use proprietary HTML reports. Harness enables you to upload these reports as artifacts to S3 or similar, but it does not support HTML reports natively. I would like to see this feature make it to Harness similar to https://plugins.jenkins.io/htmlpublisher/ to support additional quality and build reports

We want to know which delegate was selected for the execution. When we call the execution api for build stages we do not see the selected delegate information in the returned execution graph. This enhancement request is to have this information available for the initialize steps as well.