Skip to main content

What's supported by Harness SCS

This document outlines the platforms, features, and integrations supported by Harness SCS. The Supply Chain Security (SCS) module is available on the following platforms:

SCS on Harness SaaS

SCS on Harness Self-Managed Enterprise Edition (SMP)

Connected Environment

All features of 'SCS on Harness SaaS' are available in an SMP environment, with the following exceptions:

  • Creating a Remediation tracker will require manually adding the CVE details as auto-population is linked with STO module. However, if you are using Harness STO SMP, this limitation does not apply.
  • Achieving SLSA Level 3 compliance is not possible in SMP, as it requires Harness hosted build infrastructure. This capability is available through 'SCS on Harness SaaS'.

Air-gapped Environment

All features of 'SCS on Harness SaaS' are available in an air-gapped or offline environment, with the following exceptions:

  • Repository Security Posture Management is not supported in air-gapped environments.
  • In the generated SBOMs, the license data for certain dependencies will be marked as "NOASSERTION", leading to a reduced SBOM quality score. However, this does not impact the SBOM generation or any other features of SBOM Orchestration.
  • Logging the attestation record in the Sigstore public Rekor will not be performed during the SBOM and SLSA Provenance attestation process, but this will not impact the attestation itself.
  • Creating a Remediation tracker will require manually adding the CVE details as auto-population is linked with STO module. However, if you are using Harness STO SMP, this limitation does not apply.
  • Achieving SLSA Level 3 compliance is not possible in SMP, as it requires Harness hosted build infrastructure. This capability is available through 'SCS on Harness SaaS'.

For information about what's supported for other Harness modules and the Harness Platform overall, go to Supported platforms and technologies.