Harness today made generally available an Artifact Registry it has added to its portfolio of DevOps tools and platforms.
At the same time, Harness also revealed it has added a Dependency Firewall to the registry that enables DevSecOps teams to enforce controls at the point of ingestion. Rather than relying on downstream scans after a package has already entered a build, Dependency Firewall evaluates requests in real time to automatically block components with known vulnerabilities, license violations, excessive severity thresholds, or untrusted upstream sources.
Shankar Hariharan, a product director for Harness, said the Artifact Registry represents a major step toward unifying the management of artifacts that organizations deploy and the source code that is managed via their DevOps tools and platforms.
By embedding artifact management directly into the Harness platform, the registry becomes a built-in control point for applying role-based access controls (RBAC), audit logging, replication, quotas, scanning, and policy enforcement within the same platform where pipelines run, said Hariharan.
If an artifact does not meet defined policy requirements, it cannot be downloaded, promoted, or deployed until the issue is addressed. All quarantine and release actions are governed in real time by role-based access controls and fully auditable, ensuring transparency and accountability, added Hariharan.
Historically, DevOps teams have built software in one DevOps platform while often relying on a separate platform to deploy and update software artifacts. Harness is making a case for unifying those workflows in a way that makes it simpler to realize the promise of an integrated continuous integration/continuous delivery (CI/CD) platform, noted Hariharan.
Additionally, DevOps teams will also be able to better integrate security scans across that unified workflow, he added. Built-in scanning powered by the open source Aqua Trivy tool, combined with integrations across more than 40 security tools in Harness, feeds scan results directly into a platform where they are evaluated against policies, said Hariharan.
Artifact Registry currently supports a broad range of container formats, package ecosystems, and AI artifacts, including Docker, Helm (OCI), Python, npm, Go, NuGet, Dart and Conda with support for additional types of artifacts planned. Harness is also planning deeper integration with the Harness Security frameworks and its Internal Developer Portal.
While DevOps teams have aspired to unify the management of CI and CD, few organizations have fully achieved that goal. While just about every CI workflow is automated, many of the processes used to deploy software artifacts are still dependent on manual processes. It’s not clear to what degree organizations are looking to accelerate deployments, but as the amount of code being generated by artificial intelligence (AI) agents continues to increase the pressure to deploy software faster is only going to continue to mount.
Hopefully, advances in agentic AI will make it possible to narrow a widening gap between application developers and software engineers that are tasked with deploying software. In the meantime, however, many organizations may need to revisit how artifacts and source code are managed today in anticipation of embedding AI agents across their software development lifecycle (SDLC).
