
What is Pipeline Governance?

 

Regulatory and operational compliance is critical in software development. Regulatory standards impact the entire SDLC, including development, testing, deployments, operations, and monitoring. There is no shortage of regulations that are designed to help protect organizational security and consumer privacy, including PCI, HIPAA, and SOX. With our new Pipeline Governance feature, you can now measure how compliant your Harness Pipelines are with your regulatory and operations standards. 

When a deployment pipeline is triggered within Harness, the deployment may wait for a manager to approve before a production release. During this approval process, the manager requires an understanding of pipeline compliance with their regulatory standards. We solved this by providing the ability to “score” a pipeline before approving a release. 

What is a “score”? 

A pipeline score is a measure of how compliant your Pipelines are with your regulatory and operations standards. In the same way that a Pipeline is made up of various workflows and stages, a score is made up of tags indicating compliance. Each tag is given a weight. The weight of the tag impacts the overall percentage score. For example, let’s assume you have two tags with the following weights:

  • Foo – 1
  • Bar – 1

Then Foo and Bar each contribute 50% of the overall 100% score. However, let’s introduce a third tag with a weight of 2:

  • Foo – 1
  • Bar – 1
  • Hop – 2

The distribution counts Foo at 25%, Bar at 25%, and Hop at 50%. So, if Foo is missing in the compliance check, your score is 75% (since Foo accounts for 25% of the score). However, if Hop is missing, your score is 50%.

How to score a pipeline

Throughout each stage — and associated workflow — in your pipeline, you have the opportunity to apply tags. Each tag can represent a compliance standard. For example:

  • PCI
  • HIPAA
  • SOX

For a refresher on our tagging feature, check out this article

Depending on your requirements, you tag each workflow with whatever compliance standards apply to it.

Creating a Governance Standard

Navigate to Continuous Security, then Governance. Click on +Add Governance Standard. Click on Add Rule and then proceed to add your rules. In this example, I’m going to add three tags: PCI, HIPAA, and SOX. 

Be sure to add each tag as its own rule and not all three tags under the same rule. This way, we can weigh each tag. So, I’ll give SOX a weight of 2 and the rest a weight of 1.

Click on Advanced Settings and then associate your Governance Standard with the application you want to govern. 

Measuring a Governance Standard

Navigating back to your pipeline, you’ll find your governance scores at the bottom of the pipeline configuration screen (Setup > [your application] > Pipeline). You’ll see which tags you’re monitoring for, their weight impact on the score, and the overall percentage score of your conformance! 
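The weighting arithmetic from the “What is a ‘score’?” section, applied to the PCI/HIPAA/SOX standard configured above, as an added Python example that is not Harness code. The stage and workflow names, and the assumption that a tag counts as present when any workflow in the pipeline carries it, are illustrative and not taken from the product.

```python
from fractions import Fraction

def tag_shares(standard):
    """Map each tag to its share of the total score (exact fraction)."""
    if not standard:
        raise ValueError("governance standard has no rules")
    if any(not isinstance(w, int) or w <= 0 for w in standard.values()):
        raise ValueError("weights must be positive integers")
    total = sum(standard.values())
    return {tag: Fraction(w, total) for tag, w in standard.items()}

def pipeline_tags(stages):
    """Union of tags over every workflow in every stage.
    Assumption: a tag counts once if any workflow carries it."""
    return {tag for workflows in stages.values()
            for tags in workflows.values() for tag in tags}

def score(standard, stages):
    """Return the percentage score, the missing tags and each tag's weight impact."""
    shares = tag_shares(standard)
    present = pipeline_tags(stages)
    earned = sum((s for t, s in shares.items() if t in present), Fraction(0))
    return {
        "percent": float(earned * 100),
        "missing": sorted(t for t in shares if t not in present),
        "breakdown": {t: float(s * 100) for t, s in shares.items()},
    }

# Constructed sample data: one rule per tag, as the article recommends.
FOO_BAR_HOP = {"Foo": 1, "Bar": 1, "Hop": 2}
COMPLIANCE = {"PCI": 1, "HIPAA": 1, "SOX": 2}
# Hypothetical pipeline: stage -> workflow -> tags applied to that workflow.
SAMPLE_PIPELINE = {
    "QA": {"deploy-qa": ["PCI"]},
    "Prod": {"deploy-prod": ["PCI", "HIPAA"], "smoke-test": []},
}

if __name__ == "__main__":
    # SOX (weight 2) is on no workflow, so half of the score is lost.
    print(score(COMPLIANCE, SAMPLE_PIPELINE))
```

Because SOX carries twice the weight of the other two rules, a pipeline tagged only PCI and HIPAA scores the same as one tagged only SOX.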

You can learn more about this feature by visiting the docs
