
Run STO scans with custom SSL certificates

You can set up Harness STO to communicate with your scan tools using custom (self-signed) SSL certificates. This option is useful for organizations that prefer to use internal certificates instead of certificates issued by a public Certificate Authority (CA).

Supported workflows for adding custom SSL certificates in STO

Harness supports the following setups for running scans with custom certificates:

  • Add your custom certificates to the delegate. This workflow is recommended if both of the following are true:

    • You're using a Kubernetes or Docker delegate.

    • You can configure the delegate directly.

  • Add your custom certificates to individual pipelines. This workflow is recommended if either of the following is true:

    • You're using any delegate type other than Kubernetes or Docker, such as a Harness Cloud delegate.

    • You cannot access or customize your delegate directly.

    You can also use this workflow if the external scanner requires additional files, such as auth scripts or license files, to run scans.

  • Add your certificates to your local scanner images. This is an option if you're using a private image registry to store and download your scanner images.