Skip to main content

STO scan modes

STO supports three scan modes to ingest scan results into a pipeline:

Orchestration scans in STO

In an orchestration scan, you scan a target and ingest the results in one step. This is the easiest workflow to implement and is good for running scans with default settings.

For more information, go to Run an Orchestration Scan in an STO Pipeline.

Ingestion scans in STO

In an ingestion scan, you configure a step to ingest scan results from a data file. You can generate your scan data in a previous step of the pipeline, or download your data from an outside source. Ingestion scans provide the most flexibility and robustness, but might require more work to set up.

An ingestion scan requires at least two steps:

  1. A Run step saves the scan data to a shared folder.
  2. A Security or Security Tests step ingests the data from the shared folder.

For more information, go to Ingest Scan Results into an STO Pipeline.

Extraction scans in STO

Extraction scans are a sub-category of orchestration scans. Instead of running a scan, the step pulls issues from an external source. Specifically, you configure the step to download from the external tool rather than running an orchestration scan. This workflow is supported for scanners such as Checkmarx and SonarQube that support downloading results via an API endpoint.