STO Tutorials
The following workflows and tutorials are available. Harness recommends you do them in this order.
Set up Harness for STO: This is a good primer if you're new to Harness. It guides you through the process of setting up your connectors, delegate, and build infrastructure. Then it guides you through the process of setting up a simple standalone STO pipeline.
Your first STO pipeline: This tutorial covers the basic concepts of STO. You'll set up a standalone pipeline with one scanner, run scans, analyze the results, and learn how to investigate and fix detected vulnerabilities.
SAST code scans using Semgrep: This "quick-start" tutorial shows you how to scan your codebases using Semgrep, which can scan a wide variety of languages and includes a free version.
Container image scans with Aqua Trivy: This "quick-start" tutorial shows you how to scan your container images using Aqua Trivy, a popular open-source scanning tool.
Trigger automated scans using GitLab merge requests: This tutorial shows how you can set up an STO pipeline that runs a build and scans a code repository automatically in response to a Git event.