STO Technical Reference | Harness Developer Hub

📄️ Security Step Settings Reference

All the Scanner Provider settings for the Security step.

📄️ Aqua Trivy Scanner Reference

You can set up a Security step with Aqua Trivy to detect vulnerabilities and misconfigurations in your container images.

📄️ Bandit Scanner Reference

You can set up a Security step with Bandit to find common security issues in your Python code.

📄️ Grype Scanner Reference

You can set up a Security step with Grype to detect vulnerabilities and misconfigurations in your container images.

📄️ SonarQube SonarScanner Reference

This topic describes how to configure a step to scan a repository using SonarQube. STO supports all languages supported by SonarScanner.

📄️ Veracode Scanner Reference

Veracode is a popular tool that performs dynamic and static code analysis and finds malicious code as well as the absence of functionality that can lead to security breaches.

📄️ Zed Attack Proxy (ZAP) Scanner Reference

Zed Attack Proxy (ZAP) is a free, open-source penetration tool for testing web applications. You can use ZAP to run penetration testing to simulate a malicious external attack and use the results to protect your app from unauthorized access and denial-of-service attack.