From 7d6f477cf53c0f44f747f676d2876e4d27a56163 Mon Sep 17 00:00:00 2001
From: Pranay Shah <89774391+pranay-harness@users.noreply.github.com>
Date: Thu, 6 Mar 2025 12:54:34 +0530
Subject: [PATCH 1/3] Update sscaData.ts

---
 src/components/Roadmap/data/sscaData.ts | 89 ++++++++++++-------------
 1 file changed, 44 insertions(+), 45 deletions(-)

diff --git a/src/components/Roadmap/data/sscaData.ts b/src/components/Roadmap/data/sscaData.ts
index 280d05e5d60..aff4859aa03 100644
--- a/src/components/Roadmap/data/sscaData.ts
+++ b/src/components/Roadmap/data/sscaData.ts
@@ -7,12 +7,12 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "Repo Security Posture Management for GitHub",
- description: "Identify misconfigurations in source code repositories based on industry standards such as CIS and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+ description: "Identify misconfigs in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
 },
 {
 tag: [],
 title: "Artifact Chain of Custody",
- description: "Auditors can now review an artifact chain of custody - a comprehensive audit trail that serves as a ledger for every artifact built and deployed in a CI/CD pipeline.",
+ description: "Auditors can now review an artifact chain of custody - a comprehensive audit trail for auditors that serves as a ledger for every artifact built and deployed in a CI/CD pipeline.",
 },
 {
 tag: [],
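Review bot: The new Artifact Chain of Custody description says "auditors" twice in one sentence ("Auditors can now review … a comprehensive audit trail for auditors"); the inserted phrase "for auditors" is redundant with the subject, and the removed wording was tighter: `description: "Auditors can now review an artifact chain of custody - a comprehensive audit trail that serves as a ledger for every artifact built and deployed in a CI/CD pipeline.",`. In the GitHub RSPM entry, "CIS v1.0" gives a version without naming which CIS publication is meant, so a reader cannot identify the standard; naming the benchmark or guide would fix that. The later "Text format corrections" commit restores "misconfigurations" but leaves both of these points untouched.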
@@ -26,34 +26,43 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "HashiCorp Vault Support",
- description: "Leverage keys from HashiCorp Vault to attest and verify the build provenance.",
+ title: "SBOM & SLSA support with GitHub Actions",
+ description: "Generate SBOM and achieve SLSA compliance using GitHub Actions for artifacts built in GitHub.",
+ },
+ {
+ tag: [],
+ title: "Artifact Signing and Verification",
+ description: "Ensure built artifact is not tampered before deployment.",
+ },
+ {
+ tag: [],
+ title: "Report Generation",
+ description: "Generate comprehensive license reports detailing the licenses associated with artifacts.",
 },
 ],
 },
 "Now": {
- description: "Q4 2024, Nov 2024 - Jan 2025",
+ description: "Q1 2025, Feb 2025 - April 2025",
 feature: [
 {
 tag: [],
- title: "Repo Security Posture Management for Harness Code",
- description: "Identify misconfigurations in source code repositories based on industry standards such as CIS and OWASP Top 10 CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+ title: "Non-Container based Artifact Signing & Verification",
+ description: "Support for signing and verification for non-containerized artifacts like helm charts, manifest files, JARs, WARs etc.",
 },
- {
 tag: [],
- title: "SBOM & SLSA support with GitHub Actions",
- description: "Generate SBOM and achieve SLSA compliance using GitHub Actions for artifacts built in GitHub.",
+ title: "Artifact Chain of Custody v2",
+ description: "Enhanced audit trail that seamlessly integrates all pipeline events at an account level, spanning from source code to deployment.",
 },
 {
 tag: [],
- title: "Artifact Signing and Verification",
- description: "Ensure built artifact is not tampered before deployment.",
+ title: "Repo Security Posture Management for Harness Code",
+ description: "Identify misconfigs in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 
CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
 },
 {
 tag: [],
- title: "SBOM API Support",
- description: "Enable SBOM download APIs for repos and artifacts.",
+ title: "OWASP OSS Top 10 Risks",
+ description: "Visibility into open source risks across built artifacts using SBOMs.",
 },
 {
 tag: [],
@@ -62,38 +71,23 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "Licensing Policies",
- description: "Out of the box open source policies to check for non-compliant licenses in dependencies.",
- },
- {
- tag: [],
- title: "Report Generation",
- description: "Generate and download reports based on compliance standards such as CIS, and OWASP Top 10 CI/CD Security Risks",
+ title: "Bulk Onboarding",
+ description: "Allow users to bulk onboard GitHub repos across org and accounts via API.",
 },
 {
 tag: [],
- title: "Bulk Onboarding",
- description: "Allow users to bulk onboard GitHub repos across org and accounts via API",
+ title: "SBOM API Support",
+ description: "Enable SBOM download APIs for repos and artifacts.",
 },
 ],
 },
 "Next": {
- description: "Q1 2025, Feb - April 2025",
+ description: "Q2 2025, May - July 2025",
 feature: [
 {
 tag: [],
- title: "Artifact Chain of Custody V2",
- description: "Enhanced audit trail that seamlessly integrates all pipeline events at an account level, spanning from source code to deployment.",
- },
- {
- tag: [],
- title: "OSS Top 10 Risks",
- description: "Visibility into open source risks across built artifacts using SBOMs.",
- },
- {
- tag: [],
- title: "OSS Top 10 Policies",
- description: "Out of the box policies to identify risks in open source dependencies based on OSS Top 10 Risks.",
+ title: "Cosign AWS Support",
+ description: "Leverage keys from AWS KMS to sign and verify artifacts.",
 },
 {
 tag: [],
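Review bot: The "HashiCorp Vault Support" entry is removed from the first horizon and does not reappear anywhere in this series, so a previously listed capability (Vault-backed keys for attesting and verifying provenance) silently drops off the roadmap under a commit message that only says "Update sscaData.ts"; if the drop is intended it deserves a sentence in the message, otherwise the entry should be restored. As rendered, the "Artifact Chain of Custody v2" item is preceded by `- {` with no matching `+ {`, which would leave the new side without an object opener before `tag: [],`; the `@@ -47` hunk of patch 3 shows `{` at that position, so this is probably a rendering artifact, but it is worth confirming the file still type-checks. Two wording nits in the added text: `description: "Ensure the built artifact is not tampered with before deployment.",` reads correctly where "is not tampered before" does not, and "Non-Container based" reads better as "Non-Container-Based".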
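Review bot: The "Licensing Policies" entry is deleted outright, and the "Report Generation" entry that the `@@ -26` hunk moves into the first horizon now describes license reports, whereas the text removed here described reports on compliance standards (CIS, OWASP Top 10 CI/CD Security Risks); that changes what the roadmap promises rather than merely rescheduling it, and the commit message does not mention either change. If compliance-standard reports are still planned they need their own entry, and if license policy checking shipped as part of reporting the description should say so. The "Cosign AWS Support" title names the tool while its description names only the key source; `title: "Cosign Support for AWS KMS",` would match the description.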
@@ -107,23 +101,28 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "CI/CD Security for Jenkins",
- description: "Perform static analysis to detect risks and misconfigurations in Jenkins pipelines.",
+ title: "Support for Gitlab & CircleCI",
+ description: "Complete support for GitLab, allowing users to onboard GitLab repositories and perform configuration checks, SBOM generation, and security scans.",
 },
 {
 tag: [],
 title: "mTLS support for SCS plugins",
 description: "mTLS support for SCS plugin to ensure secure communication with Harness services.",
 },
+ {
+ tag: [],
+ title: "OSS Top 10 Policies",
+ description: "Out of the box policies to identify risks in open source dependencies based on OSS Top 10 Risks.",
+ },
 ],
 },
 "Later": {
- description: "Q2 2025+, May 2025 & beyond",
+ description: "Q3 2025+, August 2025 & beyond",
 feature: [
 {
 tag: [],
- title: "Support for Gitlab & CircleCI",
- description: "Complete support for GitLab, allowing users to onboard GitLab repositories and perform configuration checks, SBOM generation, and security scans.",
+ title: "CI/CD Security for Jenkins",
+ description: "Perform static analysis to detect risks and misconfigurations in Jenkins pipelines.",
 },
 {
 tag: [],
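Review bot: The added "OSS Top 10 Policies" entry says its policies are "based on OSS Top 10 Risks", but the entry this series moves into the Now horizon in the `@@ -26` hunk is titled "OWASP OSS Top 10 Risks"; the two names should agree so readers can tell the policies refer to that feature, e.g. `title: "OWASP OSS Top 10 Policies",` and `description: "Out of the box policies to identify risks in open source dependencies based on OWASP OSS Top 10 Risks.",`. Separately, the "Support for Gitlab & CircleCI" title spells the vendor "Gitlab" while its own description spells it "GitLab"; `title: "Support for GitLab & CircleCI",` — the same mismatch is carried into the replacement title in patch 2.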
@@ -137,13 +136,13 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "Remediation Tracker",
- description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of targets (Artifact, CI/CD, Repos).",
+ title: "SBOM Scoring in Drift Detection",
+ description: "View risk scores on dependencies that get added or removed between artifact drifts which contain vulnerabilities, have invalid licenses, or are unmaintained.",
 },
 {
 tag: [],
- title: "SBOM Scoring in Drift Detection",
- description: "View risk scores on dependencies that get added or removed between artifact drifts which contain vulnerabilities, have invalid licenses, or are unmaintained.",
+ title: "Remediation Tracker",
+ description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of target (Artifact, CI/CD, Repos).",
 },
 ],
 },

From bf8b8a487111f2cc555b7f368f0eb2f65482a238 Mon Sep 17 00:00:00 2001
From: Pranay Shah <89774391+pranay-harness@users.noreply.github.com>
Date: Sun, 9 Mar 2025 11:37:19 +0530
Subject: [PATCH 2/3] Update sscaData.ts

Updated few Roadmap items

---
 src/components/Roadmap/data/sscaData.ts | 23 ++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/components/Roadmap/data/sscaData.ts b/src/components/Roadmap/data/sscaData.ts
index aff4859aa03..cc6a60e78b1 100644
--- a/src/components/Roadmap/data/sscaData.ts
+++ b/src/components/Roadmap/data/sscaData.ts
@@ -91,8 +91,8 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "UX Enhancements",
- description: "Improving search, filtering across product pages and overall user experience.",
+ title: "Global Level View",
+ description: "Gain complete visibility into all artifact and code repositories across projects, along with their associated findings, in a unified account-level view.",
 },
 {
 tag: [],
@@ -101,13 +101,8 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "Support for Gitlab & CircleCI",
- description: "Complete support for GitLab, allowing users to onboard GitLab repositories and perform configuration checks, SBOM generation, and security scans.",
- },
- {
- tag: [],
- title: "mTLS support for SCS plugins",
- description: "mTLS support for SCS plugin to ensure secure communication with Harness services.",
+ title: "Support for Gitlab & Bitbucket",
+ description: "Complete support for GitLab and Bitbucket, allowing users to onboard repositories and perform configuration checks, SBOM generation, and security scans.",
 },
 {
 tag: [],
@@ -144,6 +139,16 @@ export const SscaData: Horizon = {
 title: "Remediation Tracker",
 description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of target (Artifact, CI/CD, Repos).",
 },
+ {
+ tag: [],
+ title: "Exemption Management",
+ description: "Manage exemptions for risk and compliance issues across all targets (Artifact, CI/CD, Repos).",
+ },
+ {
+ tag: [],
+ title: "Automate OSS Dependency Updates with Harness AI",
+ description: "Leverage Harness AI to automatically generate PRs for updating outdated dependencies.",
+ },
 ],
 },
 };

From 015996d4dc796512aa8c22dda4881b442efc7fcd Mon Sep 17 00:00:00 2001
From: Teja Kummarikuntla <34749692+tejakummarikuntla@users.noreply.github.com>
Date: Mon, 10 Mar 2025 19:22:41 +0530
Subject: [PATCH 3/3] Text format corrections

---
 src/components/Roadmap/data/sscaData.ts | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/components/Roadmap/data/sscaData.ts b/src/components/Roadmap/data/sscaData.ts
index cc6a60e78b1..535561d5327 100644
--- a/src/components/Roadmap/data/sscaData.ts
+++ b/src/components/Roadmap/data/sscaData.ts
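Review bot: The "mTLS support for SCS plugins" entry is deleted together with the Gitlab & CircleCI item, and neither this commit nor the following one re-adds it, so a security control (mutual TLS between SCS plugins and Harness services) disappears from the roadmap under a message that says only "Updated few Roadmap items"; if it shipped it belongs in the first horizon, and if it was dropped that deserves a sentence in the commit message. The replacement title "Support for Gitlab & Bitbucket" again spells "Gitlab" differently from the "GitLab" in its own description; `title: "Support for GitLab & Bitbucket",`.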
@@ -7,7 +7,7 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "Repo Security Posture Management for GitHub",
- description: "Identify misconfigs in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+ description: "Identify misconfigurations in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Security Risks. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
 },
 {
 tag: [],
@@ -47,7 +47,7 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "Non-Container based Artifact Signing & Verification",
- description: "Support for signing and verification for non-containerized artifacts like helm charts, manifest files, JARs, WARs etc.",
+ description: "Support for signing and verification for non-containerized artifacts like helm charts, manifest files, JARs, WARs, etc.",
 },
 {
 tag: [],
@@ -57,7 +57,7 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "Repo Security Posture Management for Harness Code",
- description: "Identify misconfigs in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
+ description: "Identify misconfigurations in source code repositories based on industry standards such as CIS v1.0 and OWASP Top 10 CI/CD Risk. Also, includes support for SBOM generation and security tests such as SAST, SCA, and secrets scanning.",
 },
 {
 tag: [],
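Review bot: The two descriptions corrected in the `@@ -7` and `@@ -57` hunks still disagree on the name of the OWASP standard: the GitHub entry says "OWASP Top 10 CI/CD Security Risks" while the Harness Code entry says "OWASP Top 10 CI/CD Risk", for otherwise identical sentences. A "Text format corrections" commit is the natural place to align them, e.g. in the Harness Code description `... such as CIS v1.0 and OWASP Top 10 CI/CD Security Risks. ...`. Both descriptions also keep "CIS v1.0" without naming the CIS document it refers to, so the standard remains unidentifiable to a reader. In the `@@ -47` hunk the title's "Non-Container based" is left unhyphenated while the description uses "non-containerized"; `title: "Non-Container-Based Artifact Signing & Verification",`.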
@@ -67,7 +67,7 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "SLSA Policies",
- description: "Out of the box policies to ensure compliance with Level 1, Level 2, and Level 3 requirements.",
+ description: "Out-of-the-box policies to ensure compliance with Level 1, Level 2, and Level 3 requirements.",
 },
 {
 tag: [],
@@ -121,7 +121,7 @@ export const SscaData: Horizon = {
 },
 {
 tag: [],
- title: "SBOM & SLSA support for Jenkins",
+ title: "SBOM & SLSA Support for Jenkins",
 description: "Generate SBOMs and achieve SLSA compliance using Jenkins pipelines.",
 },
 {
@@ -137,7 +137,7 @@ export const SscaData: Horizon = {
 {
 tag: [],
 title: "Remediation Tracker",
- description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of target (Artifact, CI/CD, Repos).",
+ description: "Assign vulnerabilities & compliance issues to developers using remediation tracker to track across different types of targets (Artifact, CI/CD, Repos).",
 },
 {
 tag: [],
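Review bot: The `@@ -67` hunk hyphenates "Out-of-the-box" for the SLSA Policies entry, but the "OSS Top 10 Policies" entry added by patch 1 (visible in its `@@ -107` hunk) still reads "Out of the box policies ...", so the correction is only half applied; `description: "Out-of-the-box policies to identify risks in open source dependencies based on OSS Top 10 Risks.",`. Likewise the `@@ -121` hunk capitalises "Support" in "SBOM & SLSA Support for Jenkins" while "SBOM & SLSA support with GitHub Actions" from patch 1 keeps lowercase; the titles should share one casing convention. The SLSA Policies description lists "Level 1, Level 2, and Level 3 requirements" without saying whose levels; `... compliance with SLSA Level 1, Level 2, and Level 3 requirements.` removes the ambiguity.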