Exemptions for specific issues
You can set up an STO step to fail if a scan detects vulnerabilities that match the failure criteria specified for that step. You can also create exemptions for specific vulnerabilities to allow the pipeline to proceed even if they're detected.
STO supports two methods for specifying failure criteria:
-
Fail on Severity Every scan step has a Fail on Severity setting that fails the step if the scan detects any issues with the specified severity or higher.
-
OPA policies You can use Harness Policy as Code to write and enforce policies based on severity, reference ID, title, CVE age, STO output variables, and number of occurrences.
For a full workflow description, go to Exemptions to override STO failure policies.