> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corgea.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Harness

> Comprehensive Guide to Configuring Harness Code with Corgea

The Harness Code integration with Corgea lets you scan repositories hosted in Harness Code, receive automated security reviews on every pull request, and create pull requests for code fixes directly from the Corgea platform.

<Note>
  Corgea integrates with **Harness Code** (the Git-based SCM inside the Harness platform). It does not require — and is independent of — Harness CI/CD pipelines.
</Note>

<Steps>
  <Step title="Open your Harness profile">
    Sign in to Harness, then click your username at the bottom-left of the navigation bar and choose **Profile Overview**.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-1.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=5656fa8b423533f3f7b8826ee51d2b25" style={{ borderRadius: '0.5rem' }} alt="Open Harness profile" width="599" height="364" data-path="images/harness-1.png" />
    </Frame>
  </Step>

  <Step title="Create a new API key">
    Scroll down to the **My API Keys** section of your profile and click **+ API Key** to create a new key.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-2.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=9e20ea73c168de45bf4d0d01193bb02d" style={{ borderRadius: '0.5rem' }} alt="Create a new Harness API key" width="1900" height="958" data-path="images/harness-2.png" />
    </Frame>

    <Tip>
      For production setups we recommend creating a dedicated **Service Account** in Harness (Account Settings → Access Control → Service Accounts) and generating the API key under that account. This keeps Corgea's actions clearly attributable and lets you rotate credentials without affecting any individual user.
    </Tip>
  </Step>

  <Step title="Name your API key">
    Give the key a descriptive name such as `corgea-integration`, then click **Save**.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-3.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=14ef59176233197644cdc77a0b1dc655" style={{ borderRadius: '0.5rem' }} alt="Name the Harness API key" width="1908" height="953" data-path="images/harness-3.png" />
    </Frame>
  </Step>

  <Step title="Add a token to the API key">
    The API key itself does not authenticate requests — you need to generate a **token** under it. Expand the API key you just created and click **+ Token**.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-4.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=d92ca86787479f058e382f7cc6b4be3d" style={{ borderRadius: '0.5rem' }} alt="Add a token to the Harness API key" width="1902" height="955" data-path="images/harness-4.png" />
    </Frame>
  </Step>

  <Step title="Generate the token">
    Give the token a name (for example `corgea-token`) and an expiration date, then click **Generate Token**.

    <Warning>
      Harness only displays the token value once. Make sure you copy it before closing the dialog — you will not be able to retrieve it later.
    </Warning>

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-5.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=391993f26605b974160c3199e65467c6" style={{ borderRadius: '0.5rem' }} alt="Generate the Harness token" width="1917" height="953" data-path="images/harness-5.png" />
    </Frame>
  </Step>

  <Step title="Copy the token">
    Copy the generated token to your clipboard, then close the dialog. Harness tokens follow the format `pat.<accountId>.<tokenId>.<secret>` — Corgea automatically derives your account ID from the token, so you don't need to provide it separately.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-6.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=1dd5c28913f965e113d48b4a7064a5bc" style={{ borderRadius: '0.5rem' }} alt="Copy the generated Harness token" width="1918" height="957" data-path="images/harness-6.png" />
    </Frame>
  </Step>

  <Step title="Open the Corgea integrations page">
    Sign in to Corgea at `corgea.app` (or `{your-instance}.corgea.app` for self-hosted deployments) and open the **Integrations** page from the sidebar. In the **Code Repository Integrations** section, click the **+** button next to **Harness**.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-7.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=3867b91d75b7d92b443cfd515aaff1e4" style={{ borderRadius: '0.5rem' }} alt="Open the Corgea integrations page" width="1904" height="991" data-path="images/harness-7.png" />
    </Frame>
  </Step>

  <Step title="Add the integration">
    Paste the token you copied from Harness into the **API Token** field.

    By default Corgea discovers repositories across **every Harness organization** the token can see. If you want to limit which orgs Corgea looks at, enter a comma-separated list of org identifiers in the **Org allowlist** field (for example `default,my-other-org`). Leave it blank to allow all orgs.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-8.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=1edf0fb9ebc9e569ab0028c3bc45bd03" style={{ borderRadius: '0.5rem' }} alt="Add Harness integration in Corgea" width="1915" height="987" data-path="images/harness-8.png" />
    </Frame>
  </Step>

  <Step title="Optional settings">
    Expand **Optional settings** if you need to adjust any of the defaults:

    * **Name** — a friendly label for the integration. Useful when connecting multiple Harness accounts.
    * **Base URL** — defaults to `https://app.harness.io` for Harness SaaS. Override this if you are connecting to a self-hosted Harness installation.
    * **Gateway prefix** — defaults to `/gateway` (the SaaS prefix). Some self-hosted deployments drop this prefix; in that case clear the field.

    When you're done, click **Connect**.

    <Frame>
      <img src="https://mintcdn.com/corgea/TPxz-I5TeuxJbvmj/images/harness-9.png?fit=max&auto=format&n=TPxz-I5TeuxJbvmj&q=85&s=bc6c67574229021dbe609772fd4a54f5" style={{ borderRadius: '0.5rem' }} alt="Optional Harness integration settings" width="1921" height="992" data-path="images/harness-9.png" />
    </Frame>
  </Step>
</Steps>

Corgea validates your token immediately. On success the integration card will show your Harness account name and you can start binding repositories from the [Projects](https://www.corgea.app/projects/) page — Harness repos appear with the `H` icon and a `<org>/<project>/<repo>` label.

## How it works

* **Repository discovery** — Corgea calls the Harness Code API to list every repository under the orgs/projects your token can access (filtered by the allowlist if you set one). New repositories show up automatically; you can force a refresh from the Projects page.
* **Pull request scans** — when you bind a Corgea project to a Harness repo, Corgea registers a per-repo webhook on Harness Code. Subsequent PR opens, reopens, and pushes trigger an incremental scan and post the results as inline review comments on the diff. Corgea also writes a commit status check (`corgea-security-scan`) so PR rules can require it before merging.
* **Apply fixes as PRs** — from any Corgea-detected issue you can click **Create Pull Request** to have Corgea push the fix to a new Harness branch and open a PR back into the issue's source branch.
* **Corgea Agent** — replies to Corgea's PR comments are routed through the Corgea Agent (when enabled for your company), which can mark issues as false positives, assign them, or answer follow-up questions, threaded under the original review comment.

## Permissions

The user (or service account) that owns the API key must have at least the **Code Repository Viewer** role on every project you want Corgea to read. To enable PR comments, status checks, and PR creation, grant **Code Repository Admin** (or an equivalent custom role with create/comment/status permissions). See the [Harness RBAC documentation](https://developer.harness.io/docs/platform/role-based-access-control/rbac-in-harness) for details.

## Supported Harness deployments

| Deployment                      | Supported | Notes                                                                     |
| ------------------------------- | --------- | ------------------------------------------------------------------------- |
| Harness SaaS (`app.harness.io`) | ✅         | Works out of the box with the defaults.                                   |
| Harness Self-Managed Enterprise | ✅         | Override **Base URL** and, if needed, clear the **Gateway prefix** field. |