Enforce Artifact Governance with OPA Policy-as-Code | Harness Artifact Registry
Artifact governance should not depend on manual checks.
But for many teams, container images, software packages, and open-source dependencies are imported into registries from multiple internal and external sources. Without automated guardrails, vulnerable images, untrusted packages, end-of-life dependencies, or non-compliant artifacts can reach developers and delivery pipelines.
In this walkthrough, Shibam Dhar, DevRel Engineer at Harness, shows how Harness Artifact Registry uses Open Policy Agent (OPA), Rego, policy sets, security scanning, and Dependency Firewall to enforce governance across the software supply chain.
You’ll see how Harness Artifact Registry:
- Defines registry-wide policy sets that can be applied at the Account, Organisation, or Project scope
- Enforces naming and compliance requirements whenever registries are created or modified
- Evaluates OCI artifacts against OPA policies during built-in container scanning
- Automatically quarantines container images that violate vulnerability or CVE policies
- Applies policies to upstream proxy registries using Dependency Firewall
- Blocks or warns developers about outdated and end-of-life open source packages
- Uses AI-assisted policy generation to create Rego policies for Artifact Registry governance, security scanning, and upstream dependency use cases
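As an added illustration of the kind of OPA policy the list above describes (quarantine on fixable high-severity CVEs, warn on end-of-life upstream packages), here is a small Rego policy set. It is not from the video or from Harness; the `input` document shape (`input.artifact`, `input.scan.vulnerabilities`, `input.packages`) is a hypothetical scan-result format chosen for the example, not Harness Artifact Registry's documented policy input.

```rego
package artifact_governance

import rego.v1

# Assumed (hypothetical) input shape, not the Harness schema:
#   input.artifact            { name, tag }
#   input.scan.vulnerabilities[] { id, severity, fixed_version }
#   input.packages[]          { name, version, end_of_life }

default allow := false

# Severities that quarantine an image outright.
blocking_severities := {"CRITICAL", "HIGH"}

# Block when a blocking-severity finding already has a fix available;
# unfixable findings are left to the warn path so teams are not stuck.
deny contains msg if {
	some v in input.scan.vulnerabilities
	v.severity in blocking_severities
	v.fixed_version != ""
	msg := sprintf("%s:%s has fixable %s vulnerability %s (fix: %s)",
		[input.artifact.name, input.artifact.tag, v.severity, v.id, v.fixed_version])
}

# Surface blocking-severity findings with no fix as warnings only.
warn contains msg if {
	some v in input.scan.vulnerabilities
	v.severity in blocking_severities
	v.fixed_version == ""
	msg := sprintf("%s:%s has unfixable %s vulnerability %s",
		[input.artifact.name, input.artifact.tag, v.severity, v.id])
}

# Warn (do not block) on end-of-life packages pulled through an upstream proxy.
warn contains msg if {
	some p in input.packages
	p.end_of_life == true
	msg := sprintf("%s@%s is end-of-life; plan an upgrade", [p.name, p.version])
}

# The artifact is admitted only when nothing in the deny set fired.
allow if count(deny) == 0
```

With a scan result in this shape, `data.artifact_governance.allow` is false as soon as one fixable CRITICAL or HIGH finding exists, while `warn` collects the non-blocking messages a registry UI could show developers.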
If your team wants to prevent risky artifacts and dependencies from entering the software delivery lifecycle, this video is for you.
Learn more about Harness Artifact Registry:
🔗 Product page – https://www.harness.io/products/artifact-registry
📘 Documentation – https://developer.harness.io/docs/artifact-registry
Chapters:
00:00 Introduction
01:32 Registry-wide policy enforcement
03:05 Applying policies during container scanning
04:58 Securing upstream dependencies with Dependency Firewall
06:39 Generating OPA policies with AI
07:13 Final recap
#Harness #ArtifactRegistry #OPA #Rego #PolicyAsCode #DevSecOps #SoftwareSupplyChain #DependencyFirewall #ContainerSecurity #OpenSourceSecurity #CICD #DevOps #ai