Container Scanning

Container Scanning is a security testing practice that analyzes your container images for potential vulnerabilities. It is a critical step in identifying and addressing security risks early in the software development lifecycle (SDLC).

Harness Security Testing Orchestration (STO) lets you perform container scanning with a wide range of integrated scanners. STO also adds its own processing on top of the scanner output: it normalizes results, deduplicates findings reported by multiple scanners, and formats the results so they are actionable.

Set up Container Scanning with Harness STO

You can use any of the integrated scanners that perform Container Scanning, or you can use the Harness STO Built-in Scanner workflow. The Built-in Scanner step lets you set up scans without paid licenses or complex configuration. Alternatively, select any scanner from the list below for detailed configuration steps.

Supported Scanners for Container Scanning

Below is the list of supported scanners for Container Scanning in Harness STO:

If the scanner you use for container scanning is not listed, you can explore additional scanners that are compatible with the Custom Scan step. If the Custom Scan step does not support the scanner you need, you can use the Custom Ingestion step to ingest and process your scan results.

Next steps

After running a security scan, you can take the following actions: