Harness announces the general availability of Artifact Registry. The platform integrates artifact management directly into the CI/CD environment, reducing the time between diagnosis and treatment of software artifacts by 83 percent. What used to take up to six months can now be done in a month.
According to Harness, development teams have accepted a strange reality for years. You build in one system, deploy in another, and manage artifacts somewhere else. CI/CD pipelines run in one place, artifacts live in an external registry, and security scans happen later in the process. When developers need to publish or debug an artifact, they leave their pipeline, log into another system, and return to finish their work.
It works, but it’s fragmented and costly. It’s also becoming increasingly difficult to secure and manage. Harness believes that artifact management belongs in the platform where software is built and delivered.
From concept to core product in one year
Artifact Registry started as a small, high-ownership experiment within Harness. A dedicated team worked with a clear thesis: artifact management should not be a separate system that developers have to leave their pipelines for. They treated it like a seed startup within the company.
The message from enterprise teams was consistent. They didn’t want to stitch together separate tools for artifact storage, open source dependency security, and vulnerability scanning. In just over a year, Artifact Registry moved from concept to core product. What started with one design partner grew to dozens of enterprise customers by general availability.
Currently, Artifact Registry supports a wide range of container formats, package ecosystems, and AI artifacts. Think Docker, Helm (OCI), Python, npm, Go, NuGet, Dart, and Conda. Enterprise teams standardize on it within CI pipelines, reducing registry sprawl and eliminating the friction of managing diverse artifacts outside their delivery workflows.
Dependency Firewall blocks risks at intake
Security is one of the clearest examples of why registry-native governance is important. Platform engineering requires integrated controls rather than separate systems.
Artifact Registry delivers this through Dependency Firewall, a registry-level enforcement control applied at dependency ingest. Instead of relying on downstream CI scans after a package has already entered a build, Dependency Firewall evaluates dependency requests in real time as artifacts enter the registry. Policies can automatically block components with known CVEs, license violations, or untrustworthy upstream sources before they are cached or consumed by pipelines.
Artifact quarantine extends this model by automatically isolating artifacts that fail vulnerability or compliance checks. If an artifact does not meet defined policy requirements, it cannot be downloaded, promoted, or deployed until the issue is addressed. All quarantine and release actions are managed by role-based access controls and are fully auditable.
Built-in scanning from Aqua Trivy, combined with integrations across more than 40 security tools in Harness, feeds results directly into policy evaluation. This enables organizations to automate release or quarantine decisions in real time. The result is a registry that functions as an active supply chain control point.
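The ingest-time gate and quarantine flow described above can be sketched as follows. This is an added illustration, not Harness code or the Artifact Registry API; the policy keys, the role name, the metadata fields and the sample packages are all assumptions constructed for the example.

```python
from dataclasses import dataclass, field
# Hypothetical policy; keys and the role name are assumptions, not Harness's schema.
POLICY = {"max_cvss": 7.0, "denied_licenses": {"AGPL-3.0"},
          "trusted_upstreams": {"registry.npmjs.org", "pypi.org"},
          "release_role": "registry-admin"}

@dataclass
class Registry:
    policy: dict
    cache: dict = field(default_factory=dict)      # name -> artifact metadata
    quarantined: set = field(default_factory=set)
    audit: list = field(default_factory=list)      # every decision is recorded

    def violations(self, art):
        p = self.policy
        found = [f"{cve} (CVSS {s})" for cve, s in art["cves"].items() if s >= p["max_cvss"]]
        if art["license"] in p["denied_licenses"]:
            found.append("license " + art["license"])
        if art["upstream"] not in p["trusted_upstreams"]:
            found.append("untrusted upstream " + art["upstream"])
        return found

    def ingest(self, art):  # evaluated at intake: a blocked package is never cached
        why = self.violations(art)
        self.audit.append(("ingest", art["name"], "block" if why else "allow", why))
        if not why:
            self.cache[art["name"]] = art
        return not why

    def rescan(self, name, cves):  # new scan results for an already cached artifact
        self.cache[name]["cves"] = cves
        why = self.violations(self.cache[name])
        if why:
            self.quarantined.add(name)
            self.audit.append(("quarantine", name, "system", why))

    def download(self, name):
        return name in self.cache and name not in self.quarantined

    def release(self, name, user, roles):  # role-gated; denied attempts are audited too
        ok = name in self.quarantined and self.policy["release_role"] in roles
        self.audit.append(("release", name, user, "granted" if ok else "denied"))
        if ok:
            self.quarantined.discard(name)
        return ok

# Constructed sample metadata (placeholder CVE id, not a real advisory).
CLEAN = {"name": "libfoo-1.2.0", "upstream": "pypi.org", "license": "MIT", "cves": {}}
BAD = {"name": "libbar-0.9.1", "upstream": "mirror.example", "license": "AGPL-3.0",
       "cves": {"CVE-0000-0001": 9.8}}
```

The difference from a downstream CI scan is visible in `ingest`: a rejected package never reaches `cache`, so no pipeline can resolve it, while `rescan` covers the case where a finding appears after the artifact was admitted.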