With Harness SSCA, you can define and enforce policies governing the use of open-source components within your software artifacts. This policy management and enforcement capability helps you ensure compliance with your security, legal, and operational requirements.
You must create a policy file containing the rules (policy definitions) that you want Harness SSCA to enforce. Create SSCA policy files in the Harness File Store.
- In your Harness Project, go to File Store under Project Setup. You can also create policies at the Account and Org scopes.
- Select New, and then select New File.
- Enter a Name, and then select Manifest for File Usage.
- Enter the policy definitions in the text editor, and then select Save.
For an end-to-end walkthrough, try this tutorial: Generate SBOM and enforce policies.