Harness Security Testing Orchestration (STO) integrates with multiple open-source and commercial security scanners for secure pipeline development and security testing. Orchestrating application security scanners across software delivery and processing the output of the scanners allows for both enhanced application security and high delivery velocity. STO can be configured to be used with Harness CI/CD or in a standalone mode, integrating with any CI tool.
Harness STO integrates with multiple scanners and can acquire vulnerability data from software artifacts such as code repositories, container images, running instances, and configuration files.
Vulnerability assessment can be done on each scanner-target combination. Vulnerability data can be acquired for processing in the following ways:
Security vulnerabilities identified during security testing, while often important, are not always actionable. In some scenarios they may not apply to a specific development environment, or resolving the issue immediately may involve additional complexity. For these reasons, security exemptions are an important part of a secure software development lifecycle. Security stakeholders can grant and manage exemptions for vulnerabilities or issues identified by security scans at various software development stages via Harness STO.
The STO dashboards provide a centralized source for aggregating multiple security scanner outputs with customizable views based on roles within the organization. Tailored dashboard views cater to specific organizational needs, providing a common place for security practitioners and developers to collaborate from and to prioritize, remediate, and address code vulnerabilities.
Harness STO empowers teams to customize governance configuration and enforce requirements as part of the CI/CD pipeline with customizable policies based on the Open Policy Agent (OPA) standard. This provides flexibility to define governance policies as needed across the organization and ensure that code being deployed meets the organization's specific security standards.
Harness STO eases developer workload by automating security scanning and governance in software delivery, using customizable policies based on the Open Policy Agent (OPA) standard. This provides fine-grained control and enforces execution of all required security scanners across every stage of the SDLC, so code with critical vulnerabilities is blocked before it reaches a production environment.
An orchestrated scan is a fully automated workflow that scans an object and ingests the results into Harness in one Security step. Orchestrated scans are the easiest to set up and are a great way to get started with STO.
To ingest scan results from outside a Security step, you set up your pipeline as follows:
Harness provides built-in access control features including authentication, authorization, and auditing. It also allows you to enforce password policies, such as password strength, periodically expiring passwords, and enforcing two-factor authentication.
CCM has an industry-leading five-year retention period, giving our customers long-term views into their cloud cost history. Data retention policies depend on the Harness product and plan you are using.
By using Okta as your identity provider, you can efficiently provision and manage users in your Harness Account, Org, and Project. Harness's SCIM integration enables Okta to serve as a single identity manager for adding and removing users and for provisioning User Groups, helping your team gain efficiency for managing many users.
By using Azure AD as your identity provider, you can efficiently provision and manage users in your Harness Account, Org, and Project. Harness' SCIM integration enables Azure AD to serve as a single identity manager for adding and removing users and for provisioning User Groups. This integration improves efficiency when managing large numbers of users.
You can use OneLogin to provision users and groups in Harness. Harness' SCIM integration enables OneLogin to serve as a single identity manager for adding and removing users. This is especially efficient for managing large numbers of users.
Create organizations and add collaborators so all your organizations can easily work on projects together.
Create custom dashboards to access the information you need across your entire Harness platform deployment. The dashboard allows you to organize, explore, and present structured data logically. You can use this data to improve deployments and to inform and improve your operations and business decisions.
MSPs provide a valuable service to their customers, helping to manage their cloud spend, consumption, and resources. Harness MSP enablement, combined with role-based access control, ensures that customer accounts remain properly segregated for account security. It also ensures correct billing visibility on a per customer basis.
Harness supports single sign-on (SSO) with OAuth 2.0 identity providers, such as GitHub, Bitbucket, GitLab, LinkedIn, Google, and Azure. These integrations allow you to use an OAuth 2.0 provider to authenticate your Harness Users. Once OAuth 2.0 SSO is enabled, Harness Users can simply log into Harness using their GitHub, Google, or other provider's email address.
Harness supports SSO with SAML, integrating with your SAML SSO provider so you can log your users into Harness as part of your SSO infrastructure.
Harness supports SSO with LDAP implementations, including Active Directory and OpenLDAP. Integrating Harness with your LDAP directory enables you to log your LDAP users into Harness as part of Harness' SSO infrastructure. Once you integrate your Harness account with LDAP, you can create a Harness User Group and sync it with your LDAP directory users and groups. The users in your LDAP directory can then log into Harness using their LDAP emails and passwords.
Harness provides support for two-factor authentication (2FA) throughout the Harness Software Delivery Platform, with enforcement both for an individual user and account-wide for every user in the account. Setup is smartphone-based: the user scans a QR code with an authenticator app once, and each subsequent login then requires the username and password plus the one-time code from that app.
Harness policy-as-code is a centralized policy management and rules service that leverages the Open Policy Agent (OPA) to meet compliance requirements across software delivery and enforce governance policies. Policies are written as declarative code, so they are easy to understand and modify, enabling teams to have autonomy over their processes with oversight and guardrails in place to prevent them from straying from standards. Teams can use policy-as-code to implement global governance policies across all releases, and combine with Pipeline Governance for policies to be implemented on a per-release basis.
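As an added illustration of the OPA-based governance described here and of the critical-vulnerability gate described above, the following Rego policy is example code written for this page; it is not a Harness-supplied policy, and the input document shape (`input.issues`, `input.scans`, the `exempted` flag and the field names) is an assumption made for the example rather than Harness's actual STO input schema.

```rego
# Added example, not a Harness-supplied policy. The input document shape
# (input.issues, input.scans and their fields) is assumed for illustration.
package sto.gate

# Severities that block promotion to production.
blocking_severities := {"critical", "high"}

# Scanner types that must have run against the artifact in this pipeline.
required_scanners := {"sast", "sca", "container"}

# Deny when an unexempted issue of blocking severity is present.
# Issues carrying an exemption granted by a security stakeholder
# are reported but do not block the pipeline.
deny[msg] {
    issue := input.issues[_]
    not issue.exempted
    blocking_severities[issue.severity]
    msg := sprintf("%s issue %s from %s blocks deployment", [issue.severity, issue.id, issue.scanner])
}

# Deny when a required scanner did not run at all, so a missing scan
# cannot be mistaken for a clean scan.
deny[msg] {
    scanner := required_scanners[_]
    not scanners_run[scanner]
    msg := sprintf("required scanner %s did not run", [scanner])
}

# Set of scanner types that produced a result in this pipeline run.
scanners_run[scanner] {
    scanner := input.scans[_].type
}

# The pipeline passes only when nothing denies it.
default allow = false

allow {
    count(deny) == 0
}

# Constructed sample input for trying the policy offline:
# {
#   "scans":  [{"type": "sast"}, {"type": "sca"}],
#   "issues": [
#     {"id": "I-1", "severity": "critical", "scanner": "sast", "exempted": true},
#     {"id": "I-2", "severity": "medium",   "scanner": "sca"}
#   ]
# }
```

With the sample input saved as `input.json` and the policy as `gate.rego`, `opa eval -d gate.rego -i input.json "data.sto.gate.deny"` lists the denial reasons and `"data.sto.gate.allow"` gives the gate decision. The second rule is the one practitioners most often forget: a gate that only inspects reported issues is silently satisfied when a scanner fails to run, so the policy also checks that every mandated scanner produced a result.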
Harness provides fine-grained RBAC to enforce separation of duties and control what user groups are granted access to specific resources based on assigned roles. This allows businesses to protect their data and key business processes through company-set rules and roles. Built-in roles are available by default to quickly create the desired permissions at the account, organization, and project level within Harness, as well as the ability to create custom roles for additional flexibility based on business needs that fall outside of the scope provided by default roles.
Harness Pipeline Governance measures how compliant your feature release pipelines are with your regulatory and operational standards. When a deployment pipeline is triggered within Harness, the deployment can require approval before release to production based on a "score" that indicates how compliant the pipeline is. This "score" is made up of individual weighted tags that, together, determine the level of compliance.
Harness Audit Trails provide the visibility needed to meet organizational governance needs and prepare for external audits. With Harness Audit Trails, you can view and track changes to your Harness resources within your Harness account with data stored from up to two years prior. Without this data, developers are forced to manually compile information for audits.
Harness provides a flexible hosting model that allows for full SaaS implementations, full on-premise implementations, and hybrid implementations. These flexible models allow companies with a variety of security requirements to use Harness Feature Flags.
Hosting includes:
Those using open source and source-available products from Harness can access community.harness.io to leverage our community-supported knowledge base contributed to by both Harness staff and Harness users.
Harness standard support, included for all Harness customers on a paid contract, includes coverage from 9am to 5pm Monday through Friday, with response times indicated in the table below based on the severity of the need. Support entitlements are provided for two named admins for each customer.
Harness Premier support includes coverage 24 hours a day, 7 days a week, with response times indicated in the table below based on the severity of the need. Also included at the Premier support level are Zoom-based communication and post-incident reports. Support entitlements are provided to all customer staff.
Automated DevSecOps for CI/CD Pipelines. Proactive application security scanning and governance for engineering and DevSecOps. Replace manual efforts, reduce toil and minimize risk associated with software vulnerabilities.