Supply Chain Security release notes
These release notes describe recent changes to Harness Supply Chain Security.
About Harness Release Notes
- Progressive deployment: Harness deploys changes to Harness SaaS clusters on a progressive basis. This means that the features described in these release notes may not be immediately available in your cluster. To identify the cluster that hosts your account, go to your Account Overview page in Harness. In the new UI, go to Account Settings, Account Details, General, Account Details, and then Platform Service Versions.
- Security advisories: Harness publishes security advisories for every release. Go to the Harness Trust Center to request access to the security advisories.
- More release notes: Go to Harness Release Notes to explore all Harness release notes, including module, delegate, Self-Managed Enterprise Edition, and FirstGen release notes.
July 2024
Version: 1.14.3
Announcements
SCS is now Generally Available (GA). We have moved from Limited GA (since January 2024) to GA. Read more on our announcement blog.
New features
- Repository Security Posture Management:
- Connect your GitHub with Harness SCS to identify insecure configurations in code repositories and organization settings for comprehensive risk, compliance, and security posture management. Use the Harness SCS GitHub app for integration. Learn more in our RSPM documentation.
- Manage Risk and Compliance
- Compliance Section: A new Compliance section to assess and understand the risk posture of your entire supply chain. Detailed information is available in the Manage Compliance Posture documentation.
- Rule Definitions Section: Access a complete list of all standards and associated rules supported by Harness SCS, including: More details can be found in the Standards and Rule Definitions documentation.
- Integrations and Permissions
- A new interface to manage your integrations with Harness SCS. Learn more about this in the Integrations and Permissions document.
Enhancements
Artifact view will now support the following views
- Chain of Custody: Log the artifact's journey throughout the software supply chain.
- Artifact Listing: View all container images, including their digests and tags.
- Security Insights: Access detailed information on security vulnerabilities.
- SLSA Provenance: View the provenance and verification status of artifacts following the SLSA framework.
July 2024
Version 1.12.0
New features and enhancements
- The "Repositories" tab previously located in the Artifact View has been relocated and expanded into a separate section titled "Code Repositories". All repository data will now be accessible from the Code Repositories section, providing a more streamlined interface for managing repository information.
September 2023
The Supply Chain Security module documentation is live on the Harness Developer Hub. Check back soon for module release notes.