Scanner Severity Override

Last updated on Feb 19, 2026

Scanner Severity Override

Scanner Severity Override allows you to configure the scan step to use severity levels reported directly by the security scanner. By default, STO assigns severity based on numeric scores such as CVSS. When scanner severity override option is enabled, STO bypasses its internal severity mapping and uses the severity levels reported by the scanner (for example, Critical, High, Medium, and Low).

Enable Scanner Severity Override

You can enable the scanner severity override behavior in either of the following below 2 ways:

In the scan step configuration, enable Use Raw Scanner Severity option.

In the scan step configuration, add ingest_tool_severity: true in the Settings section.

Supported Scanners List

Scanner Severity Override is supported for the following scanners:

Checkmarx
CheckmarxOne
Anchore
Snyk
Prisma Cloud(formerly Twistlock)