Feature Requests

STO step support for gathering code coverage from Sonarqube step in extraction mode

Hi team, We need a feature that enables us to use Quality gate in our sonarqube scan step. The pipeline should fail when it fails the quality gate checks. Can you please help us on this requirement. Thank you.

STO should have the exempted issues with severity details. (Priority : High/Urgent) Harness API should provide the detail for the exempted issue with severity and its meta data (issue description, CVE code) for the specific pipeline, project. (Priority : Moderate) The STO All Issue Summary Dashboard is not loading and keep spinning (Priority : Low)

Veracode orchestration and ingestion support

Anchore Enterprise in our organization is responsible for using Anchore policy to determine whether the scan has passed or failed. STO ingestion should consider Anchore authoritative for pass/fail status.

Customer wants the ability to override image path similar to CI

We have a requirement to download the STO security test output results in PDF format to send Email post STO analysis from the pipeline.

Expose STO vulnerability data from scan steps to allow customers to write OPA policies against the scan results. Ability to get vulnerability data from STO API Pipe STO data to OPA policy management Evaluate OPA policies against STO data for STO steps Add new OPA entity type for STO data Create out-of-the-box OPA policies for STO use cases

Aquasec has support for assurance policies within their platform which define what issues will be accepted, and what will cause a build to fail. Currently harness only allows us to fail a build on a particular severity, but we would like to be able to select a policy which manages the failures.

Hi team, Since building the arm64 image is on-demand nowdays and harness now supports the build of arm64, however the STO supports amd64 only, can we enhance the STO to support both arm64 and amd64 therefore we don't need to create separate stages between build and scan?