Security Testing Orchestration Documentation

Set up your pipelines to detect security vulnerabilities automatically using Security Testing Orchestration.

Dive in with these tutorials.

Learn about the security scanning problems facing developers and how STO provides the solutions they need.

Learn about key STO concepts such as scan targets, baselines, severities, and exemptions.

Learn about the three high-level workflows for running scans and ingesting results: orchestration, extraction, and ingestion.

Learn how to scan an object and ingest the results automatically in one step.

Learn how to run scans in a separate step, or outside Harness entirely, and ingest the results.

STO includes integrations with over 30 external tools for scanning repositories, container images, applications, and configurations.

You can ingest custom Issues from any scanning tool. This topic shows you how.

See all detected issues in your main branches, latest images, and other target baselines.

You can easily create Jira tickets for issues detected during an STO build.

The Security Testing Dashboard enables you to view, navigate, discover, and investigate detected vulnerabilities in your organization.

Lean how to set fail_on_severity to stop pipeline builds and create exemptions (ignore rules) for specific vulnerabilities

Learn how to create OPA policies to stop pipelines automatically

Set up a pipeline with one scanner, run scans, analyze the results, and learn the key features of STO.

Add a scan step to a CI pipeline and set up the pipeline to fail if a scan finds any show-stopper vulnerabilities.