📄️ Security Step Settings Reference
All the Scanner Provider settings for the Security step.
📄️ Aqua Trivy Scanner Reference
You can set up a Security step with Aqua Trivy to detect vulnerabilities and misconfigurations in your container images.
📄️ Bandit Scanner Reference
You can set up a Security step with Bandit to find common security issues in your Python code.
📄️ Grype Scanner Reference
You can set up a Security step with Grype to detect vulnerabilities and misconfigurations in your container images.
📄️ SonarQube SonarScanner Reference
This topic describes how to configure a step to scan a repository using SonarQube. STO supports all languages supported by SonarScanner.
📄️ Veracode Scanner Reference
Veracode is a popular tool that performs dynamic and static code analysis. It finds malicious code as well as missing functionality that can lead to security breaches.
📄️ Zed Attack Proxy (ZAP) Scanner Reference
Zed Attack Proxy (ZAP) is a free, open-source penetration testing tool for web applications. You can use ZAP to run penetration tests that simulate a malicious external attack, and use the results to protect your app from unauthorized access and denial-of-service attacks.