Harness Launches General Availability of Artifact Registry

Harness has announced the general availability of Artifact Registry, marking a deliberate shift in how artifact management should work in secure software delivery.

Artifact Registry started as a bet inside Harness, with a dedicated team and a clear thesis that artifact management shouldn’t be a separate system developers have to leave their pipelines to use. It was treated like a seed startup inside the company, incorporating direct customer feedback, with a single-threaded leader driving the vision. The team quickly learned that customers did not want to combine separate tools for artifact storage, open-source dependency security, and vulnerability scanning.

Today, Artifact Registry supports container formats, package ecosystems, and AI artifacts, including Docker, Helm (OCI), Python, npm, Go, NuGet, Dart, Conda, and more. Enterprise teams are standardizing on it across CI pipelines, reducing registry sprawl, and eliminating the friction of managing diverse artifacts outside their delivery workflows.

Incidents such as the SolarWinds breach and Shai-Hulud 2.0 reveal an important business reality: risk often enters early in the software lifecycle.

When artifact storage, open-source governance, and security scanning are managed in separate systems, oversight becomes fragmented. Controls are applied after the fact, visibility is incomplete, and teams operate in silos. The result is slower response times, higher operational costs, and increased exposure. Harness saw an opportunity to simplify and strengthen this model. By embedding artifact management directly into the Harness platform, the registry becomes a built-in control point within the delivery lifecycle. 

Early customer Jasper van Rijn, Drax Group’s Head of Software Engineering, said, “Harness is helping us achieve a single source of truth for all artifact types, containerized and non-containerized alike, making sure every piece of software is verified before it reaches production.”

Artifact Registry delivers this through Dependency Firewall, a registry-level enforcement control applied at dependency ingest. Rather than relying on downstream CI scans after a package has already entered a build, Dependency Firewall evaluates dependency requests in real time as artifacts enter the registry. Policies can automatically block components with known CVEs, license violations, severities that exceed policy thresholds, or untrusted upstream sources before they are cached or consumed by pipelines.

General Availability signals that Artifact Registry is now a core pillar of the Harness platform. Sign up for a demo and see firsthand how Harness Artifact Registry delivers high-performance artifact distribution with built-in security and governance at scale.
