With Harness Security Testing Orchestration (STO), your pipelines can detect security vulnerabilities automatically. Harness STO enables DevOps and Security teams to shift security testing left as a key outcome of their DevSecOps initiative. STO orchestrates scanning, intelligently deduplicates scanner output, prioritizes remediations, and enforces governance in your pipelines. STO puts scanning directly into your pipelines to ensure that vulnerabilities are caught and fixed before your products are ever released.
Get started
Run scans and ingest data
STO workflows
Learn about the three high-level workflows for running scans and ingesting results: orchestration, extraction, and ingestion.
Orchestration workflows
Learn how to scan an object and ingest the results automatically in one step.
Ingestion workflows
Learn how to run scans in a separate step, or outside Harness entirely, and ingest the results.
Configure external scanners
STO includes integrations with over 30 external tools for scanning repositories, container images, applications, and configurations.
Ingest data from custom scanners
You can ingest custom Issues from any scanning tool. This topic shows you how.
View, troubleshoot, and fix vulnerabilities
View issues in target baselines over time
See all detected issues in your main branches, latest images, and other target baselines.
Create Jira tickets for detected issues
You can easily create Jira tickets for issues detected during an STO build.
Navigate and drill down into detected vulnerabilities
The Security Testing Dashboard enables you to view, navigate, discover, and investigate detected vulnerabilities in your organization.