Scan your code, containers and live apps
Harness STO enables DevOps and Security teams teams to left shift security testing as a key outcome of their DevSecOps initiative. STO orchestrates scanning, intelligently deduplicating scanner output, prioritizing remediations, and enforcing governance into your Pipeline. STO puts scanning directly into your Pipelines to ensure that vulnerabilities are caught and fixed before your products are ever released.
Featured Tutorials
All STO Tutorials
5min
STO Overview
Learn how Harness STO can help you solve your security scanning problems.
15min
Your first STO pipeline
Set up a Pipeline with one scanner, run scans, analyze the results, and learn the key features of STO.
10min
SAST codebase scans with Semgrep
Quickly set up a pipeline to scan codebases using Semgrep, which supports a wide variety of languages.
10min
Container image scans with Aqua Trivy
Quickly set up a pipeline to scan container images using the open-source Aqua Trivy scanner.
10min
Trigger automated scans using GitLab merge requests
Learn how to launch pipeline builds and scans automatically based on GitLab events.
