Set up your pipelines to detect security vulnerabilities automatically using Security Testing Orchestration.
Get started
Run scans and ingest data
STO workflows
Learn about the three high-level workflows for running scans and ingesting results: orchestration, extraction, and ingestion.
Orchestration workflows
Learn how to scan an object and ingest the results automatically in one step.
Ingestion workflows
Learn how to run scans in a separate step, or outside Harness entirely, and ingest the results.
Configure external scanners
STO includes integrations with over 30 external tools for scanning repositories, container images, applications, and configurations.
Ingest data from custom scanners
You can ingest custom Issues from any scanning tool. This topic shows you how.
View, troubleshoot, and fix vulnerabilities
View issues in target baselines over time
See all detected issues in your main branches, latest images, and other target baselines.
Create Jira tickets for detected issues
You can easily create Jira tickets for issues detected during an STO build.
Navigate and drill down into detected vulnerabilities
The Security Testing Dashboard enables you to view, navigate, discover, and investigate detected vulnerabilities in your organization.
Stop builds based on detected vulnerabilities
Featured Tutorials
15min
Your first STO pipeline
Set up a pipeline with one scanner, run scans, analyze the results, and learn the key features of STO.
15min
Create a build-scan-push pipeline (STO only)
Set up an end-to-end STO pipeline that scans your codebase. Then it builds an image and scans it. If the image scan detects no critical issues, the pipeline pushes the image to your registry.