
Targets, baselines, and variants in STO

Every scan step has a specific target, which is a user-defined label for the code repository, container, application, or configuration to scan. You define the test target when you configure the scan step. It is good practice to create descriptive, specific labels for your scan targets.

You can view all your targets on one page: go to Security Tests (left menu) and then Test Targets.

Figure: Targets and baselines in the Test Targets page

Each scan operation has a variant, which identifies the branch, tag, or other version of the target to scan.

You can also specify a baseline for each target. This is usually the "root" variant of the target, such as the main branch or the latest tag. When a scan finishes successfully, STO does the following:

  • Compares each issue detected in the scanned variant against the target baseline.
  • Places each issue into one of two buckets:
    • "New" issues in the current variant only, or
    • "Common" issues also in the baseline (or, if no baseline is specified, in the previous scan).

Note: It is good practice to specify a baseline for every target. You can define and view all your baselines on one page: go to Security Tests (left menu) and then Test Targets.
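
The comparison described above, as an added Python example that is not part of STO or the original page. It assumes that issues match on a (rule id, location) pair and that "the previous scan" means the most recent earlier scan of the same target; the `Target` class, `record_scan`, and the sample findings are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Assumption: an issue is identified by (rule id, location); the page does
# not describe how STO matches issues across scans.
Issue = Tuple[str, str]


@dataclass
class Target:
    name: str                       # user-defined label for what is scanned
    baseline: Optional[str] = None  # "root" variant, e.g. main or latest tag
    latest: Dict[str, Set[Issue]] = field(default_factory=dict)  # per variant
    previous: Optional[Set[Issue]] = None  # most recent scan of this target

    def record_scan(self, variant: str, issues: Set[Issue]) -> Dict[str, Set[Issue]]:
        """Bucket the issues of a successful scan, then store the scan."""
        if self.baseline is not None:
            # Baseline set: compare with its latest scan (assumption: an
            # unscanned baseline contributes no issues, so all are new).
            reference = self.latest.get(self.baseline, set())
        else:
            # No baseline: compare with the previous scan.
            reference = self.previous or set()
        buckets = {"new": issues - reference, "common": issues & reference}
        self.latest[variant] = set(issues)
        self.previous = set(issues)
        return buckets


def demo() -> Dict[str, Dict[str, Set[Issue]]]:
    # Constructed sample findings, not output from a real scanner.
    sqli = ("sql-injection", "api/orders.py:42")
    weak_hash = ("weak-hash-md5", "auth/tokens.py:17")
    secret = ("hardcoded-secret", "deploy/config.py:5")

    with_baseline = Target("payments-api", baseline="main")
    with_baseline.record_scan("main", {sqli, weak_hash})
    feature = with_baseline.record_scan("feature/refunds", {sqli, secret})

    no_baseline = Target("payments-api-image")
    no_baseline.record_scan("1.4.0", {weak_hash})
    next_tag = no_baseline.record_scan("1.4.1", {weak_hash, secret})
    return {"feature": feature, "next_tag": next_tag}


if __name__ == "__main__":
    for name, buckets in demo().items():
        print(name, {k: sorted(v) for k, v in buckets.items()})
```

In the first case the feature branch inherits the SQL injection finding from `main` as "common" and only the hardcoded secret is "new"; in the second, with no baseline, the same split is computed against the prior tag's scan.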

You can easily identify new vs. common issues in the results for each scan.

Figure: New and common issues in the Security Tests tab