Artifact Registry Security Integration

This guide explains how to configure and review security scanners in your Harness Artifact Registry.

Default Project-Level Scanner

The security scanner pipeline operates within a default project context, regardless of the registry's scope level (Account, Organization, or Project). This section explains the project requirements for each registry scope.

Project-Level Registry

When a registry is created at the project level, the scanner pipeline automatically runs in the same project. No additional configuration is required.

Organization-Level Registry

For registries created at the organization level:

  1. Create a project named default_project within the organization that contains the registry
  2. The scanner pipeline will automatically use this project for scanning operations

Example:

  • Registry in organization "default" → Create default_project in "default" organization
  • Registry in organization "custom_org" → Create default_project in "custom_org" organization

Account-Level Registry

For registries created at the account level:

  1. Locate the "default" organization (automatically created with your account)
  2. Create a project named default_project within the "default" organization
  3. The scanner pipeline will use this project for all account-level registry scans
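
The scope rules above can be checked against an inventory before relying on scan results. The following Python is an added example, not Harness code: it resolves the project each registry's scanner pipeline runs in and reports which default_project prerequisites are missing. The inventory format, field names and sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

DEFAULT_ORG = "default"              # organization auto-created with the account (per the guide)
SCANNER_PROJECT = "default_project"  # project name the guide requires


def scanner_project(registry):
    """Return the (org, project) pair the scanner pipeline runs in for a registry."""
    scope = registry["scope"]
    if scope == "project":
        # Project-level registry: the pipeline runs in the registry's own project.
        return registry["org"], registry["project"]
    if scope == "org":
        # Organization-level registry: default_project inside the same organization.
        return registry["org"], SCANNER_PROJECT
    if scope == "account":
        # Account-level registry: default_project inside the "default" organization.
        return DEFAULT_ORG, SCANNER_PROJECT
    raise ValueError(f"unknown registry scope: {scope!r}")


def missing_scanner_projects(registries, existing_projects):
    """Map each missing (org, project) pair to the registries that depend on it."""
    missing = defaultdict(list)
    for reg in registries:
        target = scanner_project(reg)
        if target not in existing_projects:
            missing[target].append(reg["name"])
    return dict(missing)


# Constructed inventory (hypothetical names, not real data).
REGISTRIES = [
    {"name": "team-images", "scope": "project", "org": "custom_org", "project": "payments"},
    {"name": "org-images", "scope": "org", "org": "custom_org"},
    {"name": "org-charts", "scope": "org", "org": "custom_org"},
    {"name": "shared-base", "scope": "account"},
]
# Constructed set of (org, project) pairs that already exist.
EXISTING = {("custom_org", "payments"), ("default", "default_project")}

if __name__ == "__main__":
    for (org, project), names in missing_scanner_projects(REGISTRIES, EXISTING).items():
        print(f"create project {project!r} in org {org!r}; needed by: {', '.join(names)}")
```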

Configuring Security Scanners

Follow these steps to set up automated security scanning for your container images. This configuration will enable vulnerability detection and generate detailed reports each time you push a new image to your registry.


Security Pipeline Creation

When you configure security scanning, Harness automatically creates a security scanner pipeline called HARNESS ARTIFACT SCAN PIPELINE. This pipeline includes:

  • A supply chain security (SCS) stage
  • Inline steps for either:
    • SBOM scanning
    • AquaTrivy security scanning

The specific scan performed depends on your selection in the Artifact Registry configuration.

Conclusion

With security scanning configured, your Artifact Registry now integrates with Harness Security modules to check for vulnerabilities in your container images. You can view scan results directly in the Harness platform and take action on any security findings. This integration helps ensure your container images meet your organization's security requirements before deployment.