What's supported by Harness SCS
This document outlines the platforms, features, and integrations supported by Harness SCS. The Supply Chain Security (SCS) module is available on the following platforms:
- Harness SaaS
- Harness Self-Managed Enterprise Edition
- Harness Self-Managed Enterprise Edition in Air-gapped/Offline Environments
SCS on Harness SaaS
- Repository Security Posture Management (RSPM)
- Generate or ingest SBOM, followed by SBOM drift detection and scoring.
- Enforce OSS usage with SBOM governance policies.
- Generate SLSA provenance and achieve Build Levels 1, 2, and 3.
- Verify SLSA provenance with SLSA governance policies.
- Attest and verify SBOM and SLSA Provenance with Cosign.
- Create and manage Remediation Trackers.
SCS on Harness Self-Managed Enterprise Edition (SMP)
Connected Environment
All features of 'SCS on Harness SaaS' are available in an SMP environment, with the following exceptions:
- Creating a Remediation Tracker requires manually adding the CVE details, because auto-population is linked with the STO module. However, if you are using Harness STO SMP, this limitation does not apply.
- Achieving SLSA Level 3 compliance is not possible in SMP, as it requires Harness-hosted build infrastructure. This capability is available through 'SCS on Harness SaaS'.
Air-gapped Environment
All features of SCS on Harness SaaS are available in an air-gapped or offline environment, with the following exceptions:
- Repository Security Posture Management is not supported in air-gapped environments.
- In the generated SBOMs, the license data for certain dependencies will be marked as "NOASSERTION", leading to a reduced SBOM quality score. However, this does not impact SBOM generation or any other features of SBOM Orchestration.
- The attestation record is not logged to the public Sigstore Rekor during the SBOM and SLSA Provenance attestation process, but this does not impact the attestation itself.
- Creating a Remediation Tracker requires manually adding the CVE details, because auto-population is linked with the STO module. However, if you are using Harness STO SMP, this limitation does not apply.
- Achieving SLSA Level 3 compliance is not possible in SMP, as it requires Harness-hosted build infrastructure. This capability is available through 'SCS on Harness SaaS'.
- Detection of Outdated, Unmaintained, Close to EOL, and EOL Components is not yet supported.
SCS Steps Support Across Stages
| Step | Build Stage | Security Stage | Deploy Stage |
|---|---|---|---|
| SBOM Orchestration | Yes | Yes | Yes |
| SBOM Policy Enforcement | Yes | Yes | Yes |
| SLSA Generation | Yes | No | No |
| SLSA Verification | Yes | Yes | Yes |
| SCS Compliance | Yes | Yes | No |
| Artifact Signing | Yes | Yes | No |
| Artifact Verification | Yes | Yes | Yes |
Note: Harness SCS currently supports only the Kubernetes, Native Helm, and Amazon ECS deployment types in the Deploy stage.
Build Infrastructure
The following table shows SCS support for each infrastructure type.
| Operating System | Architecture | Harness Cloud | Self-managed local runner | Self-managed AWS/GCP/Azure VMs | Self-managed Kubernetes cluster |
|---|---|---|---|---|---|
| Linux | amd64 | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| Linux | arm64 | ✅ Supported | ✅ Supported | ✅ Supported | ✅ Supported |
| Windows | amd64 | ❌ Not supported | ❌ Not supported | ❌ Not supported | ❌ Not supported |
| macOS | arm64 | ❌ Not supported | ✅ Supported | ❌ Not supported | ❌ Not supported |
Use SCS
| Feature | Works with Harness Code Repository | Works with Harness CI (using Harness Pipeline's Build Stage) | Works with Harness CD (using Harness Pipeline's Deploy Stage) | Works with 3rd Party Code Repo/CI/CD (using Harness Pipeline's Security Stage) |
|---|---|---|---|---|
| Repository Security Posture Management | On Roadmap | N | N | Only GitHub, others are on Roadmap |
| CICD Security Posture Management | - | Works with Harness pipelines | Works with Harness pipelines | Only GitHub Actions, others are on Roadmap |
| Generate or ingest SBOM, followed by SBOM drift detection & SBOM scores | Y | Y | Y | Y |
| Enforce OSS usage with SBOM governance policies | Y | Y | Y | Y |
| Generate SLSA provenance | Y | Y | N | N |
| Verify SLSA provenance with SLSA governance policies | Y | Y | Y | Y |
| Create and manage Remediation Trackers | On Roadmap | On Roadmap | Y with Live Tracking | Y without Live Tracking |
For information about what's supported for other Harness modules and the Harness Platform overall, go to Supported platforms and technologies.