Harness STO Integration


Security Testing Orchestration (STO) is a module in the Harness suite of products that automates the execution and management of security scans as part of CI/CD pipelines. It enables your teams to test various components of your pipelines, remediate the detected vulnerabilities, and enforce governance policies to ensure that the vulnerabilities do not reach your customers. With STO, you can run various security scanners, such as SAST and DAST, directly in your CI/CD pipelines. It gives you a unified results view, removes duplicate vulnerabilities, and highlights new and critical ones.

Traceable integrates with Harness STO and supports multiple modes for displaying your security vulnerabilities in STO. You can use any of the following methods:

  • Initiating a scan run within a scan.

  • Fetching results of an existing scan from a downloaded scan file.

  • Importing the latest scan run data from a scan in Traceable.

For more information on these methods, see Traceable Step Configuration.

This integration enables you to include API security testing results in your CI/CD pipelines and view them alongside other detected vulnerabilities in your Harness dashboard.


Before you begin

Make a note of the following before you proceed with the integration:

  • Make sure that you have the Scan ID. To obtain the scan ID, navigate to Testing → Scans, select the scan, and copy the ID from the browser URL. For example, if the browser URL is https://app.traceable.ai/api-testing-scans-v2/scan-v2/123a4b42-14e9-4320-ab1d-ef5fb8c3e23e/issues?time=1d..., then the scan ID is 123a4b42-14e9-4320-ab1d-ef5fb8c3e23e.

  • Make sure that you have the Runner ID. To obtain the runner ID, navigate to Testing → Runners, and copy the ID from the Runner ID column corresponding to the relevant runner.

  • Make sure that you have the Traceable API Token. For the steps to obtain this, see Public APIs.


Setting up the Integration

To set up the Harness STO integration, you must log in to your Harness account and navigate to the Security Testing Orchestration module.

For information on how to set up the integration, see Traceable step configuration.