Skip to main content

STO Tutorials

The following workflows and tutorials are available. Harness recommends you do them in this order.

  1. Set up Harness for STO This is a good primer if you're new to Harness. It guides you through the process of setting up your connectors, delegate, and build infrastructure. Then it guides you through the process of setting up a simple standalone STO pipeline.

  2. Create a standalone STO pipeline This tutorial covers the basic concepts of STO. You'll set up a standalone pipeline with one scanner, run scans, analyze the results, and learn how to investigate and fix detected vulnerabilities.

  3. Create an integrated STO/CI pipeline This tutorial shows how to add a scan step to a CI pipeline and configure it to stop any builds automatically if the scanner finds any "show-stopper" vulnerabilities.

  4. Scanning a NodeJS application This tutorial describes how to scan a Node application automatically using STO and the OWASP Dependency-Check scanner.