Skip to main content

2026

January

Highlights: Hard delete setting for SCIM Users, Container SCA only option, Support for Groovy, New CVE webhook notifications, VS Code extension improvements, Harness SAST and SCA

  • Hard delete setting for SCIM Users: New Hard Delete Users setting for SCIM, under Organization Settings. When enabled, instead of deactivating a user it will be permanently deleted. The identity provider will have to create the user and all its associated data and relationships again.
  • Container SCA only option: New option --container-sca-only-upload for sl analyze allows to run a container SCA only and skip SAST and other processing steps. For more information, see the container documentation page.
  • Support for Groovy: Harness SAST and SCA can now analyze applications written in the Groovy programming language. For more information, see the Groovy documentation page.
  • New CVE webhook notifications: You can now receive webhook notifications when new CVEs have been published for an application that's been previously analyzed. This option can be enabled in the Organization Settings page.
  • VS Code extension improvements: The Harness SAST and SCA extension for VS Code can now detect dependency vulnerabilities as soon as a manifest file (e.g. requirements.txt) is saved. You can now also find the extension in the Open VSX Registry, and it can be installed in Cursor, Windsurf, and other IDEs that support Open VSX.
  • Harness SAST and SCA: Qwiet AI by Harness is now Harness SAST and SCA. The CLI, plugins, extensions, integrations, and other product offerings have been updated to reflect the new branding. Additionally, Harness SAST and SCA is now available natively within the Harness Security Testing Orchestration (STO) solution.