Feature Requests

We would like Harness to provide native support for Infrastructure-as-Code (IaC) scanning as part of its security testing orchestration (STO) capabilities. Specifically: Integration with WIZ: Allow a plugin or connector for WIZ to perform IaC scanning during pipeline execution. STO Support for IaC Scanning: Extend STO functionality to include IaC scanning checks, enabling security posture validation for Terraform, CloudFormation, and other IaC templates.

FOR Dashboard : Harness the Tile “untitled“ does not load properly when the filter Pipeline Created Date is set to last 365 days Query : https://dashboards.harness.io/admin/queries/de1bf76d9a1738790bf284dcb4fab81b

Add filters on the exemptions page - Scanner, Target, Exemption request by/approved by/rejected by, exemption reason The sorting on the columns should work for all the results and not just on the current page.

We are updating our Sonarqube Server installation to 2025.5.0 shortly and have been given a recommendation that clients interacting with that should use sonar-scanner version 7.1.0 to prevent incompatibility issues. We would like the builtin Sonarqube scan step/plugin to be updated to allow us to specify the updated sonar-scanner version, or use the newer version by default.

We got a requirement to scan VM image using wiz, but looks like harness has not provided option to select "Type" as "VM-Image", harness provided wiz plugin has only two target types "Repository" and "Container Image", can you please add "VM-Image" as well in the Target Types.

Need base image detection feature to be available for ingestion mode scans. The current feature supports orchestration mode scans. ETA of the feature ?

It would be great if we have a plugin for DataTheorem so that we can ingest the findings from DataTheorem and feed them into Harness STO

Snyk supports about 80 images GitHub. We want Harness to expand their coverage for image flavors for orchesteration with Snyk.

Add the functionality in "External Tickets" ( https://developer.harness.io/docs/security-testing-orchestration/jira-integrations/ ) to automatically create a Jira ticket when an exemption is raised.

In STO, the "Issue Type" created by Harness from our SCA sarifs is labeled as "SAST" instead of "SCA". We do not manually set this field; it seems Harness is doing so automatically. Can we improve the automation detection rules set or add an option to manually select this field?