What's supported by Harness SSCA

For information about what's supported for other Harness modules and the Harness Platform overall, go to Supported platforms and technologies.

The Harness SSCA module supports the following components and standards.

SBOM tools

• Syft
• Blackduck
• Aqua Trivy
• Snyk

SBOM formats

• SPDX
• CycloneDX

Artifact repositories

• Docker Hub
• GCR
• Amazon ECR

SLSA compliance level

• Level 2, when used along with Harness CI Hosted Builds.

You can generate and sign provenance as per the SLSA v1.0 spec to achieve Level 2 compliance.

Attestation/Provenance generation & verification tools

• Sigstore Cosign with built-in in-toto attestations

Policy enforcement attributes

• Component name
• Component version
• License
• Supplier
• PURL