harness - The Modern Software Delivery Platform®
Create
Home
Feature Requests
Log in to your harness - The Modern Software Delivery Platform® account to give feedback
Powered by Canny

Feature Requests

Anonymous

Feature Requests for Harness. Select 'Category' based on the module you are requesting the feature for.
SBOM orchestration support for windows
Support SBOM orchestration, ingestion and verification for windows infra
1
·

next fiscal quarter

Dependency querying for SBOM across applications
One use case for an SBOM we would like to see on Harness is the ability to query a specific dependency and be able to see all applications that are using this depedency. If something like a day 0 vulnerability appears in a dependency, then we will be able to flag all applications that are using it. Note: This feature would be best suited to be in the Supply Chain Security module, but since that was not an option above, the Security Testing Orchestration module is the closest one.
3
·

pending feedback

SBOM & SLSA Attestation/Verification is required for restricted Branches
Hi Team, We are generating the SBOM & SLSA Attestation steps in the pipeline and we don't want to perform attestation for all branches. Instead, we want to do attestation only for release, master, and main branches. This will help us save resources in Artifactory and Vault
1
·

under review

NO_ASSERTION for the internal jars
It would be great if you could map the internal package int he Artifact SBOM so that it would show no assertion on the Harness SBOM page
2
·

long-term

Support sub-folder in Harness-Vault connector
Hi Team, The Harness-Vault connector is not capable of pulling keys from subfolders. It would be great if you could add this feature. We are adding subfolder details in the stage variable to fetch the keys.
2
·

this fiscal quarter

Support search based on components and Licenses in policy violations side-car
In policy violations side-car page, search based on components/licenses defined in the violation rules
2
·

long-term

Severity of the policy set shown in the policy violations dashboard
Severity of the policy set (warn or block) shown in the policy violations dashboard (Pipeline execution summary)
2
·

long-term

Name of the Policy set should be shown in the policy violations dashboard
The name of the policy should also be shown in the Pipeline execution summary. This helps the team to identify which policy sets were violated
2
·

long-term

Support timestamping for artifact signing
A best practice for artifact signing is to support timestamping. Timestamping: To ensure the signature was produced within the certificate's validity window, a timestamp is added to the signed artifact. This will allow us to not fail a verification/validation step if the signing material has changed or expired. Without this, we would need to resign the same artifacts.
2
·

next fiscal quarter

ScoreCard integration
integrating something like scorecard to help understand potential issues with opensource package dependencies. https://github.com/ossf/scorecard
5
·

long-term

Powered by Canny