Scorecard Data Sources

Harness IDP allows you to integrate various data sources and implement custom checks to ensure your software components adhere to best practices and compliance. In this docs, we'll walk through how to add custom checks and data sources for scorecards in Harness IDP.

Overview

Harness IDP allows you to integrate various data sources, such as GitHub, GitLab, Bitbucket, Azure DevOps, and many more, to collect specific data points for each software component. Once a data source is enabled, you can use them to create checks to be used in scorecards.

Add Custom Checks

Under the Admin go to Scorecards.
In the Scorecards go to the Checks tab and select Create Custom Check.
Now on the Create Check page add a name and description for your check.
Under Rules you can find the following Data Sources to select from.

info

There's a tab called Data Sources available in Scorecards page to check for supported data sources and the corresponding data points.

caution

The git (GitHub, GitLab, Bitbucket) datasources doesn't support monorepos.

The following Data Points are available for GitHub Data Source.

Branch Protection

Objective: Ensure that branch protection rules disallow force push and delete.
Calculation Method: Fetch backstage.io/source-location annotation from the catalog YAML file to find repository details and verify the branch protection rules.
Prerequisites: Github Connector with Admin access. Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://github.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

File Existence

Objective: Verify the existence of a specified file in the repository.
Calculation Method: Use the backstage.io/source-location annotation to locate the repository and check for the file’s presence. Make sure to mention the filename with extension or relative path from the root folder (Eg: README.md or docs/README.md) in the conditional input field.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://github.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

Mean Time to Merge Pull Request

Objective: Calculate the average time taken to merge the last 100 pull requests.
Calculation Method: Retrieve repository details using backstage.io/source-location and calculate the average merge time.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the branch name in the conditional input field.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://github.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

Average time to complete successful workflow runs (in minutes)

Objective: Calculate the average time taken to complete successful workflow runs (in minutes).
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the average time for the last 100 successful workflow runs to complete.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the workflow id or filename in the conditional input field.

Average time to complete workflow runs (in minutes)

Objective: Calculate the average time taken to complete workflow runs (in minutes).
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the average time for the last 100 workflow runs to complete.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the workflow id or filename in the conditional input field.

Workflow success rate

Objective: Calculates success rate for the given workflow.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the success rate for the workflow.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the workflow id or filename in the conditional input field.

Workflows count

Objective: Calculates total number of workflows.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the total number of workflows
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository.

Open code scanning alerts

Objective: Calculates the total number of open alerts reported in code scanning for the given severity.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the total number of open alerts reported in code scanning.
Prerequisites: GitHub Connector with read access for code scanning alerts. Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the severity type in the conditional input field.

Open Dependabot alerts

Objective: Calculates the total number of open alerts reported by Dependabot for the given severity.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the total number of open alerts reported by Dependabot.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the severity type in the conditional input field.

Open secret scanning alerts

Objective: Calculates the total number of open alerts reported in secret scanning.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the total number of open alerts reported in secret scanning.
Prerequisites: GitHub Connector with read access for secret scanning alerts. Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository.

Open pull requests by account

Objective: Calculates the total number of open pull requests raised by the given account.
Calculation Method: Fetches backstage.io/source-location annotation from catalog YAML file to find repository details and calculates the total number of open pull requests raised by account.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitHub repository. Make sure to mention the username in the conditional input field.

The following Data Points are available for GitLab Data Source.

Branch Protection

Objective: Ensure that branch protection rules disallow force push and delete.
Calculation Method: Fetch backstage.io/source-location annotation from the catalog YAML file to find repository details and verify the branch protection rules.
Prerequisites: GitLab Connector with Admin access. Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitLab repository.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://gitlab.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

File Existence

Objective: Verify the existence of a specified file in the repository.
Calculation Method: Use the backstage.io/source-location annotation to locate the repository and check for the file’s presence. Make sure to mention the filename with extension or relative path from the root folder (Eg: README.md or docs/README.md) in the conditional input field.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitLab repository.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://gitlab.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

Mean Time to Merge Pull Request

Objective: Calculate the average time taken to merge the last 100 pull requests.
Calculation Method: Retrieve repository details using backstage.io/source-location and calculate the average merge time.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source GitLab repository. Make sure to mention the branch name in the conditional input field.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://gitlab.com/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

The following Data Points are available for Bitbucket Data Source.

Branch Protection

Objective: Ensure that branch protection rules disallow force push and delete.
Calculation Method: Fetch backstage.io/source-location annotation from the catalog YAML file to find repository details and verify the branch protection rules.
Prerequisites: Bitbucket Connector with Admin access. Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source BitBucket repository.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://bitbucket.org/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

Mean Time to Merge Pull Request

Objective: Calculate the average time taken to merge the last 100 pull requests.
Calculation Method: Retrieve repository details using backstage.io/source-location and calculate the average merge time.
Prerequisites: Provide suitable backstage.io/source-location annotation if the catalog YAML file is present outside the source Bitbucket repository. Make sure to mention the branch name in the conditional input field.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    backstage.io/source-location: 'url:https://bitbucket.org/kubernetes/kubernetes/tree/master'
    ...
spec:
    ...

Pre-Requisites

For the functioning of Harness Data Source related checks, the Harness CI/CD plugin should be configured with new annotations in catalog info YAML, harness.io/pipelines and harness.io/services as mentioned in the setup steps instruction of Harness CI/CD plugin

info

In the Harness Data source, the first pipeline URL from harness.io/pipelines is considered for score computation and similarly, the first service URL from harness.io/services is considered.

The following Data Points are available for Harness Data Source.

CI Pipeline success rate (last 7 days):

Objective: Used for creating rules that will check the success percent of the ci-pipeline in the past 7 days. (This data point is only applicable for CI Pipelines).
Calculation Method: The success rate is calculated only on CI Pipeline that we provide in catalog info YAML with annotation is considered for evaluating the check.

Policy evaluation successful:

Objective: This data point can be used for creating a rule that will check if the policy evaluation is successful in pipelines. (This data point is applicable to both CI and CD Pipelines)

Tests passing on CI (boolean):

Objective: This data point can be used for creating a rule that will check if all the test cases running the CI Pipeline are passing(not a single failing test case). (This data point is only applicable to CI Pipeline)

STO stage added in pipeline:

Objective: This data point can be used for creating a rule that will check if STO stage is added in the pipelines. (This data point is applicable to both CI and CD Pipelines)

info

Points to remember:-

In the case of CI Pipeline, the first pipeline that we provide in the annotation in catalog info YAML will be used for evaluating the rules corresponding to data points. If the rule depends on the execution of the pipeline then the latest execution of the provided CI Pipeline will be considered.
In the case of CD Pipeline, the latest deployment pipeline using the first service that we provide in the annotation in catalog info YAML is considered for evaluating the rules corresponding to data points.
If the data point depends on both CI and CD Pipelines, annotations corresponding to both should be present in the catalog YAML

Error Scenarios:

In case the check fails, the failure summary will provide the details for the pipeline because of which the check is failing. [We can refer to the pipeline and fix the pipeline with respect to the corresponding check]

In case if annotation is missing the catalog info YAML, we will get the failure summary for the check in order to add the annotation [We can refer to the Pre-Requisite section to add it]

The following Data Points are avilable for Catalog Data Source.

Owner is defined:

Objective: Checks if the catalog YAML file has the owner configured or not
Calculation Method: The catalog YAML is inspected to check if the owner is under the spec field and the owner should not be Unknown.

Example YAML

apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  ...
spec:
  type: service
  system: order
  lifecycle: experimental
  owner: order-team

Documentation Exists:

Objective: Checks if the catalog YAML file has the annotation backstage.io/techdocs-ref configured or not.
Calculation Method: The catalog YAML is inspected to check if the backstage.io/techdocs-ref is present under the metadata field.
Prerequisites: The directory configured should have the mkdocs.yml file and a docs directory having all the documentation in markdown format.

Example YAML

apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  name: order-service
  annotations:
    backstage.io/techdocs-ref: dir:.
    ...
spec:
    ...

Pagerduty is set:

Objective: Checks if the catalog YAML file has the annotation pagerduty.com/service-id configured or not.
Calculation Method: The catalog YAML is inspected to check if the pagerduty.com/service-id is present under the metadata field.
Prerequisites: The Pagerduty plugin needs to be configured and enabled in the admin section. Please refer here for more details.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    pagerduty.com/service-id: PT5ED69
    ...
spec:
    ...

Prerequisites:

Plugin Configuration

The Kubernetes plugin needs to be configured. Refer here.

info

The plugin provides 2 ways to authenticate - serviceAccount and Google authentication. But currently, the scorecards supports serviceAccount type authentication only.

Entity Configuration

There are two ways to surface Kubernetes components as part of an entity using annotations - backstage.io/kubernetes-id and backstage.io/kubernetes-label-selector. But currently, scorecards support backstage.io/kubernetes-label-selector annotation only.

The following Data Points are available for Kubernetes Data Source.

Replicas Count:

Objective: Fetches the number of replicas configured for the given service.
Calculation Method: The label selector configured in the catalog YAML is used to identify the Kubernetes workload and the configured replica count is used. The cluster details configured in the Kubernetes plugin are used. If more than one cluster is configured, the workload search is done in each cluster and a minimum of all the replica counts is taken into consideration.
Prerequisites: The Kubernetes plugin needs to be configured and enabled in the admin section. Refer here for more details.

Days passed since the application was last deployed:

Objective: Fetches the number of days since the most recent deployment was done.
Calculation Method: The label selector configured in the catalog YAML is used to identify the Kubernetes workload and the lastUpdateTime is used from the conditions section. The cluster details configured in the Kubernetes plugin are used. If more than one cluster is configured, the workload search is done in each cluster and the oldest deployment time of all is taken into consideration.
Prerequisites: The Kubernetes plugin needs to be configured and enabled in the admin section. Refer here for more details.

The following Data Points are avilable for Jira Data Source.

Issues Count:

Objective: Calculates the total number of issues for the given JQL query.
Calculation Method: Fetches annotations from catalog YAML file to find project details and calculates number of issues. Make sure to provide JQL expression in the conditional input field.
1. Open P0/P1 bugs: issuetype = Bug AND priority in (P0, P1) AND statusCategory != Done
2. Features delivered (last 90 days): issuetype in (Epic, 'New Feature') AND resolved >= -90d
3. Make sure to wrap words within single quotes. Eg: 'New Feature'
Prerequisites: Provide annotations like jira/project-key(required) and jira/component(optional) in the catalog YAML file.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    jira/project-key: <jira-project-key>
    jira/component: <jira-component>
    ...
spec:
    ...

Mean time to resolve:

Objective: Calculates the average time taken to resolve issues for the given JQL query.
Calculation Method: Fetches annotations from catalog YAML file to find project details and calculates average time. Make sure to provide JQL expression in the conditional input field.
1. Mean time to resolve bugs: issuetype = Bug AND priority in (P0,P1) AND resolved >= -90d
2. Make sure to wrap words within single quotes. Eg: 'New Feature'
Prerequisites: Provide annotations like jira/project-key(required) and jira/component(optional) in the catalog YAML file.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    jira/project-key: <jira-project-key>
    jira/component: <jira-component>
    ...
spec:
    ...

Issues Open/Close Ratio:

Objective: Calculates the ratio between Open & Closed issues for the given JQL query.
Calculation Method: Fetches annotations from catalog YAML file to find project details and calculates the ratio. Make sure to provide JQL expression in the conditional input field.
1. Mean time to resolve bugs: issuetype = Bug AND priority in (P0,P1) AND resolved >= -90d
2. Make sure to wrap words within single quotes. Eg: 'New Feature'
Prerequisites: Provide annotations like jira/project-key(required) and jira/component(optional) in the catalog YAML file.

Example YAML

kind: "Component"
apiVersion: "backstage.io/v1alpha1"
metadata:
  name: order-service
  annotations:
    jira/project-key: <jira-project-key>
    jira/component: <jira-component>
    ...
spec:
    ...

Now add a tag under which category your check belongs to , Ex. "Developer Productivity", "Software Maturity" and click enter to add each tags.
Now add the default result in case of missing data and Save Changes. Your checks will be added.

Overview​

Add Custom Checks​

Error Scenarios:​

Prerequisites:​

Prerequisites:​

Error Scenarios:-​

Overview

Add Custom Checks

Error Scenarios:

Prerequisites:

Prerequisites:

Error Scenarios:-