Feature Requests

Description: We experienced a production outage due to a recent change in the SBOM image, which is now using the latest Docker version. As a result, all pipelines failed during the SBOM orchestration stage. Support Ticket Reference: 98836 Request: Please add an option to specify the SBOM image tag in the SBOM orchestration stage. This will allow us to map to an older image tag if there are issues with the latest image. Currently, this option is not available in the SBOM orchestration stage.

We would like Harness to provide native support for Infrastructure-as-Code (IaC) scanning as part of its security testing orchestration (STO) capabilities. Specifically: Integration with WIZ: Allow a plugin or connector for WIZ to perform IaC scanning during pipeline execution. STO Support for IaC Scanning: Extend STO functionality to include IaC scanning checks, enabling security posture validation for Terraform, CloudFormation, and other IaC templates.

Currently, when a user is added at the Account level and subsequently granted Role Binding at the Project level, the user details of the requester or approver in Security Exemption are not visible to the user. We’ve identified that users need Account-level User View access to view the Security Exemption users. To address this, we require that Security Exemption views be made compatible with Project level User View access.

FOR Dashboard : Harness the Tile “untitled“ does not load properly when the filter Pipeline Created Date is set to last 365 days Query : https://dashboards.harness.io/admin/queries/de1bf76d9a1738790bf284dcb4fab81b

Add filters on the exemptions page - Scanner, Target, Exemption request by/approved by/rejected by, exemption reason The sorting on the columns should work for all the results and not just on the current page.

We are updating our Sonarqube Server installation to 2025.5.0 shortly and have been given a recommendation that clients interacting with that should use sonar-scanner version 7.1.0 to prevent incompatibility issues. We would like the builtin Sonarqube scan step/plugin to be updated to allow us to specify the updated sonar-scanner version, or use the newer version by default.

We got a requirement to scan VM image using wiz, but looks like harness has not provided option to select "Type" as "VM-Image", harness provided wiz plugin has only two target types "Repository" and "Container Image", can you please add "VM-Image" as well in the Target Types.

Need base image detection feature to be available for ingestion mode scans. The current feature supports orchestration mode scans. ETA of the feature ?

It would be great if we have a plugin for DataTheorem so that we can ingest the findings from DataTheorem and feed them into Harness STO

Snyk supports about 80 images GitHub. We want Harness to expand their coverage for image flavors for orchesteration with Snyk.