Ensure Artifact Integrity and Open Source Governance

Monitor and control open source components, generate comprehensive Software Bills of Materials (SBOMs) for enhanced visibility, and guarantee software integrity in accordance with SLSA and Executive Order 14028 requirements.

SBOM Generation

SBOM orchestration and management

The Software Supply Chain Assurance (SSCA) module lets customers use their preferred tools for generating Software Bills of Materials (SBOMs) in both CycloneDX and SPDX formats. It also lets users sign and attest SBOMs with their own private keys, assess overall SBOM quality, and manage drift between versions.

SBOM Generation

Automatically generate Software Bills of Materials (SBOMs) with every build

SBOM Attestation

Attest SBOMs to ensure integrity and authenticity

SBOM Scoring

Assess overall SBOM quality based on a variety of key criteria

SBOM Drift Detection

Track changes between successive versions of an artifact, or between the artifact’s latest version and a pre-established baseline.

Comprehensive Visibility

Visibility & control over Open Source Software

With open source software making up approximately 80% of a typical application, the SSCA module offers deep visibility into the usage of these components across all artifacts and their deployments. It also lets users enforce policies that allow or restrict the use of components based on their name, version, license, supplier, and PURL.

Comprehensive Visibility

Comprehensive visibility into open-source components used in your artifacts and their deployment status

Policy Enforcement

Define and enforce policies to prevent use of harmful and risky open-source components

License Governance

Govern the usage of open-source licenses in your software
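To make the drift-detection and policy-enforcement features described above concrete, here is an added example (not Harness code) that diffs two small CycloneDX-style SBOMs and checks the latest one against a hypothetical deny-list of licenses and PURLs; both SBOM documents and the policy are constructed for illustration.

```python
# Constructed sample CycloneDX-style SBOM documents (pre-established baseline vs. latest build).
BASELINE_SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "log4j-core", "version": "2.17.1", "licenses": [{"license": {"id": "Apache-2.0"}}],
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    {"name": "lodash", "version": "4.17.21", "licenses": [{"license": {"id": "MIT"}}],
     "purl": "pkg:npm/lodash@4.17.21"}]}
LATEST_SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "log4j-core", "version": "2.17.2", "licenses": [{"license": {"id": "Apache-2.0"}}],
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.2"},
    {"name": "readline", "version": "8.2", "licenses": [{"license": {"id": "GPL-3.0-only"}}],
     "purl": "pkg:generic/readline@8.2"}]}

# Hypothetical policy: licenses and exact package versions (PURLs) that may not be used.
POLICY = {"denied_licenses": {"GPL-3.0-only", "AGPL-3.0-only"},
          "denied_purls": {"pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"}}


def _identity(component):
    """Package identity: the PURL with its version (text after the last '@') removed."""
    purl = component.get("purl")
    return purl.rsplit("@", 1)[0] if purl else component["name"]


def sbom_drift(baseline, latest):
    """Report components added, removed, or version-changed between two SBOMs."""
    old = {_identity(c): c for c in baseline["components"]}
    new = {_identity(c): c for c in latest["components"]}
    return {"added": sorted(set(new) - set(old)),
            "removed": sorted(set(old) - set(new)),
            "changed": {k: (old[k]["version"], new[k]["version"])
                        for k in old.keys() & new.keys()
                        if old[k]["version"] != new[k]["version"]}}


def policy_violations(sbom, policy):
    """Return (purl, reason) pairs for components a policy gate would block."""
    findings = []
    for c in sbom["components"]:
        purl = c.get("purl", c["name"])
        if purl in policy["denied_purls"]:
            findings.append((purl, "denied PURL"))
        for entry in c.get("licenses", []):
            lic = entry.get("license", {}).get("id")
            if lic in policy["denied_licenses"]:
                findings.append((purl, "denied license " + lic))
    return findings
```

Running `sbom_drift(BASELINE_SBOM, LATEST_SBOM)` reports readline as added, lodash as removed and log4j-core as changed from 2.17.1 to 2.17.2; the policy check flags readline's GPL-3.0-only license in the latest build and the denied log4j-core 2.17.1 PURL in the baseline.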

Instant Remediation

Instantly remediate Zero-Day vulnerabilities

The SSCA module’s remediation workflow uses contextual insights from the Harness Platform to streamline the response to zero-day vulnerabilities. It provides an accurate assessment of the impact, along with the tools to notify owners, track progress in real time, and generate detailed compliance reports.

Accurate Impact Assessment

Get an instant and accurate view of impacted artifacts along with their associated dependencies, deployments, and environments.

Notify Owners

Generate tickets and notifications for owners, along with detailed remediation recommendations

Real-time Progress Tracking

Get real-time remediation progress updates and generate detailed compliance reports

Artifact Integrity

Ensure Software Integrity using SLSA

SSCA ensures the integrity of software by generating and verifying attestations (provenance) in alignment with the SLSA v1.0 specification, assuring software consumers that the software they receive is unaltered from the state in which the producer built it.

Generate Provenance

Generate provenance according to the SLSA v1.0 specification for every build

Verify Provenance

Verify provenance before deployment for assurance

Hardened Build

Hardened build system to prevent tampering in your build process
