Create SSCA policies

With Harness SSCA, you can define and enforce policies governing the use of open-source components within your software artifacts. This policy management and enforcement capability helps you ensure compliance with your security, legal, and operational requirements.

You must create an OPA policy set containing the rules that you want Harness SSCA to enforce. When you enforce SSCA policies in a Harness pipeline, the policy rules are evaluated against each component in the artifact's SBOM.
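
As an added illustration (not Harness's own policy or its documented input schema), the following Rego policy shows rules of this kind being evaluated against every component. The package name, the `input.components` shape with `name`, `version`, and `license` fields, and the rule values are all assumptions constructed for this example.

```rego
package sbom_policy_example

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Assumed input shape (constructed for this example, not a Harness schema):
# {"components": [{"name": "example-logger", "version": "2.14.0", "license": "MIT"}]}

# Constructed rule values: minimum versions and the licenses that are allowed.
minimum_versions := [{"name": "example-logger", "min": "2.17.1"}]
allowed_licenses := {"Apache-2.0", "MIT", "BSD-3-Clause"}

default allow := false

# The artifact passes only when no component produces a violation.
allow if count(violations) == 0

# Component is older than the minimum version required by a rule.
violations contains msg if {
	some component in input.components
	some rule in minimum_versions
	component.name == rule.name
	version := object.get(component, "version", "")
	semver.is_valid(version)
	semver.compare(version, rule.min) < 0
	msg := sprintf("%s %s is below the minimum version %s", [component.name, version, rule.min])
}

# A version that is missing or not valid semver is flagged, not silently skipped.
violations contains msg if {
	some component in input.components
	some rule in minimum_versions
	component.name == rule.name
	version := object.get(component, "version", "")
	not semver.is_valid(version)
	msg := sprintf("%s has an unparseable version %q", [component.name, version])
}

# License is missing or not on the allow list.
violations contains msg if {
	some component in input.components
	license := object.get(component, "license", "NOASSERTION")
	not license in allowed_licenses
	msg := sprintf("%s uses license %s, which is not on the allow list", [component.name, license])
}
```

A component with no `license` field is treated as `NOASSERTION` and reported, so incomplete SBOM entries fail the policy instead of passing by omission.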

Tutorial

For an end-to-end walkthrough, try this tutorial: Generate SBOM and enforce policies.