Configure Harness SCS Plugins

When a Harness SCS pipeline starts, an Initialize step runs automatically before any other steps in the stage. This step sets up the environment and pulls the required Harness SCS images. By default, images are pulled from Docker Hub, but you can configure your pipeline to use images from the Harness project on Google Artifact Registry or the Harness ECR public gallery, depending on how you configure your accounts and pipelines to connect to the Harness container registry.

Harness SCS image pulls

By default, when SCS pipeline runs, the Harness Delegate uses a Docker connector to make an anonymous outbound connection to pull the Harness SCS images from the public container registry where they are stored.

Configure Image Pulls from a Private Registry

Harness SCS images are stored in a public container registry. If you don't want to pull the images directly from the public registry, you can pull Harness SCS images from your own private registry.

Below are the supported plugin images and their tags:

{

  "sscaOrchestrationTag": "harness/ssca-plugin",
  "sscaEnforcementTag": "harness/ssca-plugin",
  "sscaArtifactSigningTag": "harness/ssca-artifact-signing-plugin",
  "sscaArtifactVerificationTag": "harness/ssca-artifact-signing-plugin",
  "sscaCdxgenOrchestrationTag": "harness/ssca-cdxgen-plugin",
  "slsaVerificationTag": "harness/slsa-plugin",
  "sscaComplianceTag": "harness/ssca-compliane-plugin",
  "provenanceTag": "harness/slsa-plugin"
}

Harness SCS image pulls​

Configure Image Pulls from a Private Registry​

Harness SCS image pulls

Configure Image Pulls from a Private Registry