Get started
This guide will help you onboard to the Harness SCS features, allowing you to set up RSPM, CI/CD SPM, and Artifact Security with integrations. The onboarding process involves two main steps, configuring your integrations and selecting your resources.
To begin, navigate to the Get Started section in the SCS module and click on Get Started.
Here, you’ll find a list of all currently supported integrations and those that are coming soon. You can also click to expand each integration and view the features it supports.
Please refer to the Use SCS section in the onboarding document to see the full list of supported integrations for each feature.
Depending on your chosen integration and SCS features, refer to the appropriate sections below to get started:
Setup RSPM and CI/CD SPM on GitHub repos and Actions
Follow the instructions to connect your GitHub account with Harness SCS for RSPM and CI/CD SPM by installing the Harness-SCS GitHub app.
To begin, from the Get Started page click to expand the GitHub integration.
You can select Configure in the Repo Security and CI/CD Security option. This will take you to a new screen with two steps: configuring your integration and selecting the repositories to scan.
You can click on Launch GitHub to configure to proceed.
You will be redirected to the Harness-SCS GitHub app to configure the app for connection with Harness SCS.
Configuring the GitHub App: Harness-SCS
Configuring the Harness-SCS app allows SCS to connect with your GitHub and fetch necessary information.
- Visit the Harness-SCS GitHub app and click the ‘Configure’ button.
-
Authorize Harness by selecting the organization where you want to install the app.
If the button says Authorize and Request instead of Install and Authorize," you don’t have permission to install the GitHub App. Please contact your GitHub admin for permissions. For detailed information about permissions, refer to the Integrations and Permissions document.
- Grant access to repositories. You can either select all repositories or choose specific ones. By default, Harness performs scans on your repositories every 24 hours.
After configuring, you will be redirected back to the Harness Get Started flow, where you can choose the list of repositories. The list will show the repositories already selected through your integration. You can modify your selection here or finish the onboarding.
While selecting repositories, you also have the option to automatically add any newly created repositories in the future. To enable this, simply check the option Automatically add all future repositories owned by the resource owner.
Once your selection is done, click on Finish.
After clicking Finish a pipeline is triggered to perform operations on the selected repositories. You will be redirected to the Integrations page, where you can check the status of the integration.
Navigate to the Code Repositories section to view your repositories, and the CI/CD section to view your pipelines, along with their risk and security posture.
Setup CI/CD SPM on Harness pipelines
From the Get started page, click on Harness under available integrations, and select Enable on the CI/CD Security options. This will setup the CI/CD SPM on your Harness pipelines.
Navigate to the CI/CD section to view your pipelines, along with their risk and security posture.