Learn Harness' Key Concepts

Quickstarts

Supported Platforms and Technologies

Harness Products and Editions

How to Use Harness Docs

Harness FirstGen vs Harness NextGen

Harness Self-Managed Enterprise Edition Overview

CI Pipeline Quickstart

Build and Push an Artifact

Build and Push to GCR

Upload Artifacts to JFrog

Modify and Override Build Settings Before a Build

Define a Kubernetes Cluster Build Infrastructure

Configure a Kubernetes Build Farm to use Self-Signed Certificates

Define an AWS VM Build Infrastructure

Create and Configure a Codebase

Run a Drone Plugin in CI

Run a GitHub Action in CI

Share CI Data Across Steps and Stages

Save and Restore Cache from S3

Save and Restore Cache from GCS

Run a Script in a CI Stage

Run Docker-in-Docker in a CI Stage

Clone and Process Multiple Codebases in the Same Pipeline

View Tests

Set up Test Intelligence

CI Build Stage Settings

Configure Service Dependency Step Settings

CI Run Step Settings

Plugin Step Settings

Build and Push to GCR Step Settings

Build and Push an Image to Docker Registry Step Settings

Build and Push to ECR Step Settings

Upload Artifacts to S3 Step Settings

Upload Artifacts to GCS Step Settings

Upload Artifacts to JFrog Artifactory Step Settings

Save Cache to GCS Step Settings

Save Cache to S3 Step Settings

Restore Cache from GCS Settings

Restore Cache from S3 Step Settings

Harness CI Images List

CI Build Image Updates

Built-in CI Codebase Variables Reference

CI Cluster Requirements

Run Tests Step Settings

CI Pipeline Basics

Harness CI Concepts

Drone and Harness

Test Intelligence

Optimizing CI Build Times

Troubleshooting Continuous Integration (CI)

Kubernetes CD Quickstart

Helm Chart CD Quickstart

Kustomize Quickstart

Azure ACR to AKS CD Quickstart

Native Helm Quickstart

Harness Argo CD GitOps Quickstart

Harness CD Community Edition Quickstart

Serverless Lambda CD Quickstart

CD Pipeline Basics

Kubernetes Services

Kubernetes Infrastructure

Provision Target Deployment Infra Dynamically with Terraform

Create a Kubernetes Rolling Deployment

Create a Kubernetes Canary Deployment

Create a Kubernetes Blue Green Deployment

Deploy Manifests Separately using Apply Step

Scale Kubernetes Pods

Delete Kubernetes Resources

Run Kubernetes Jobs

Verify Deployments with the Verify Step

Verify Deployments with AppDynamics

Verify Deployment with Prometheus

Verify Deployments with Dynatrace

Verify Deployments with Splunk

Verify Deployments with Custom Health Source

Verify Deployments with Google Cloud Operations

Verify Deployments with New Relic

Verify Deployments with Datadog

Harness GitOps Basics

Harness CD GitOps Quickstart

Add Kubernetes Manifests

Add Container Images as Artifacts for Kubernetes Deployments

Add and Override Values YAML Files

Pull an Image from a Private Registry for Kubernetes

Ignore a Manifest File During Deployment

Add a Kubernetes Sidecar Container

Deployment Concepts and Strategies

Kubernetes Deployments Overview

Harness CD Community Edition Overview

Terraform Provisioning with Harness

Deploy Helm Charts

Use Kustomize for Kubernetes Deployments

Terraform How-tos

Plan Terraform Provisioning with the Terraform Plan Step

Provision with the Terraform Apply Step

Remove Provisioned Infra with the Terraform Destroy Step

Rollback Provisioned Infra with the Terraform Rollback Step

Using Manual Harness Approval Steps in CD Stages

Create Jira Issues in CD Stages

Update Jira Issues in CD Stages

Create Service Now Tickets in CD Stages

Update Service Now Tickets in CD Stages

Propagate and Override CD Services

Using Shell Scripts in CD Stages

Using HTTP Requests in CD Pipelines

Add a Pipeline Notification Strategy

Synchronize Deployments using Barriers

Monitor Deployments and Services in CD Dashboards

View Deployments Dashboard (Current Generation)

View Services Dashboard (Current Generation)

Example Kubernetes Manifests using Go Templating

Kubernetes Releases and Versioning

Kubernetes Rollout Step

Canary Deployment Step

Canary Delete Step

What Can I Deploy in Kubernetes?

Kubernetes Rollback

Kubernetes Annotations and Labels

Using OpenShift with Harness Kubernetes

Kubernetes Apply Step

JSON and XML Functors

HTTP Step Reference

Run Steps in a Step Group

Shell Script Step Reference

Getting Started with Feature Flags

Java Quickstart

Create a Feature Flag

Enable or Disable a Feature Flag

Edit and Delete a Feature Flag

Add Targets

Manage Target Groups

Manage Variations of the Feature Flag

Add Flag Prerequisites

Targeting Users with Flags

Add and Manage Access Control

View Activities of a Feature Flag

View Metrics

Manage Feature Flags using Git Experience

Build a Feature Flag Pipeline

Deploy Relay Proxy

Relay Proxy

Harness Policy Engine Overview for Feature Flags

JavaScript SDK Reference

iOS SDK Reference

Android SDK Reference

Flutter SDK Reference

React Native SDK Reference

Xamarin SDK Reference

Java SDK Reference

Go SDK Reference

Node.js SDK Reference

.NET SDK Reference

Python SDK Reference

Ruby SDK Reference

Communication Strategy Between SDKs and Harness Feature Flags

GDPR Compliance

Feature Flags Overview

Client-Side and Server-Side SDKs

SDK Version Policy

Anonymous Users and Monthly Active Users Count

Set Up Cloud Cost Management for Kubernetes

Set Up Cloud Cost Management for AWS

Set Up Cloud Cost Management for GCP

Set Up Cloud Cost Management for Azure

Create an AWS Connector for AutoStopping Rules

Create an Azure Connector for AutoStopping Rules

Create a GCP Connector for AutoStopping Rules

Create a Kubernetes Connector for AutoStopping Rules

Review AutoStopping Rules Requiremnets

Create AutoStopping Rules for AWS

Create AutoStopping Rules for Amazon ECS

Create AutoStopping Rules for RDS

Create AutoStopping Rules for Azure

Create AutoStopping Rules for GCP

Create AutoStopping Rules for a Kubernetes Cluster

Create AutoStopping Rules with Terraform

Use AutoStopping Rules Dashboard

Create an Application Load Balancer for AWS

Create an Application Gateway for Azure

Create a Custom Load Balancer for GCP

Configure ECG for AutoStopping Rules

Create Cost Perspectives

Share Your Cost Perspective Report

Create a Budget for Your Perspective

Analyze Cost for AWS Using Perspectives

Analyze Cost for Azure Using Perspectives

Analyze Cost for GCP Using Perspectives

Analyze Cost for Kubernetes Using Perspectives

Perform Root Cost Analysis

Optimize Kubernetes Costs with Workload Recommendations

Optimize Kubernetes Costs with Node Pool Recommendations

Create a Budget

Detect Cloud Cost Anomalies with CCM

View AWS Cost Dashboard

View AWS Reservation Efficiency Dashboard

View Azure Cost Dashboard

View Cluster Cost Dashboard

View GCP Cost Dashboard

View Multi-cloud Cost Overview Dashboard

View AWS Resource Breakdown Dashboard

Orphaned EBS Volumes and Snapshots Dashboard

View AWS EC2 Instance Metrics Dashboard

View AWS EC2 Inventory Cost Dashboard

Use Multiple Tags in AWS Dashboards

Manage Access Control for CCM Dashboards

Cloud Cost Management Overview

AutoStopping Rules Overview

Key Cloud Cost Concepts

Datadog Integration with Cloud Cost Management

SLO Management Quickstart

Change Impact Analysis Quickstart

SLO-Driven Governance

Install an Error Tracking Agent

Error Tracking in SRM

Service Reliability Management Basics

Security Testing Orchestration Quickstart (Public Preview)

Security Step Settings Reference

Security Testing Orchestration Basics (Public Preview)

Harness Chaos Engineering Quickstart (Public Preview)

Harness Chaos Engineering Basics (Public Preview)

Harness YAML Quickstart

Harness Git Experience Quickstart

Harness Policy Engine Quickstart

Harness Role-Based Access Control Overview

Get Started with RBAC

Add and Manage Users

Add and Manage User Groups

Add and Manage Service Accounts

Add and Manage API Keys

Add and Manage Resource Groups

Add and Manage Roles

Create Organizations and Projects

Install a Kubernetes Delegate

Install a Docker Delegate

Select Delegates with Tags

Run Initialization Scripts on Delegates

Configure Delegate Proxy Settings

Automate Delegate Installation

Truststore Override for Delegates

Delegate Registration and Verification

Non-Root Delegate Installation

Create a Custom Delegate that Includes Custom Tools

Secure Delegates with Tokens

Add a Kubernetes Cluster Connector

Add an AWS Connector

Add a Microsoft Azure Cloud Connector

Add a Google Cloud Platform (GCP) Connector

Add a GitHub Connector

Connect to a Cloud Provider

Connect to an Artifact Repo

Connect to Harness Container Image Registry Using Docker Connector

Connect to a Git Repo

Connect to Jira

Connect to ServiceNow

Connect to Monitoring and Logging Systems

Connect to IBM Cloud Container Registry

Use a GitHub App in a GitHub Connector

Create a Connector using YAML

Add a Secret Manager

Add a HashiCorp Vault Secret Manager

Add an Azure Key Vault Secret Manager

Add an AWS Secrets Manager

Add an AWS KMS Secret Manager

Add Google KMS as a Harness Secret Manager

Add and Reference Text Secrets

Add and Reference File Secrets

Add SSH Keys

Disable Built-In Secret Manager

Two-Factor Authentication

Single Sign-On (SSO) with SAML

Single Sign-On (SSO) with OAuth

Provision Users with Okta (SCIM)

Provision Users and Groups with OneLogin (SCIM)

Provision Users and Groups using Azure AD (SCIM)

Add a Stage

Define a Failure Strategy on Stages and Steps

Run Pipelines using Input Sets and Overlays

Run Specific Stages in Pipeline

Searching the Console View

Retry Pipeline Deployments

Adding Jira Approval Stages and Steps

Using Manual Harness Approval Stages

Adding ServiceNow Approval Stages and Steps

Schedule Pipelines using Triggers

Trigger Pipelines on New Helm Chart

Trigger Pipelines on a New Artifact

Trigger Pipelines using Git Events

Trigger Pipelines using Git Event Payload Conditions

Templates Overview

Create a Step Template

Create an HTTP Step Template

Create a Stage Template

Create a Pipeline Template

Use a Template

Git Experience How-tos

Add Source Code Managers

Configure Git Sync in Harness

Manage Pipelines in Git Repos

Manage Project Resources in Git Repos

Manage Input Sets and Overlays in Git Repos

Add Folders to Existing Git Experience Repos

Diagnose and Fix Git Sync Errors

Create Dashboards

Schedule and Share Dashboards

Create Visualizations and Graphs

Download Dashboard Data

Use Dashboard Actions

Create Conditional Alerts

Add Custom Fields

Extracting Characters from Harness Variable Expressions

Add Account, Org, and Project-level Variables

View Audit Trail

Add SMTP Configuration

Send Notifications Using Slack

Send Notifications to Microsoft Teams

Use Harness Open Policy Agent For Connectors

Use Harness Policy Engine for Feature Flags

Add a Policy Engine Step to a Pipeline

Harness Entity Reference

Entity Identifier Reference

Entity Retention Policy

Entity Deletion Reference

Entity Name and Id Rules

Data Retention

Tags Reference

Delegate Requirements and Limitations

Permissions and Ports for Harness Connections

Common Delegate Initialization Scripts

Allowlist Harness Domains and IPs

Step and Stage Failure Strategy References

Stage and Step Conditional Execution Settings

Triggers Reference

YAML Reference: Pipelines

Built-in and Custom Harness Variables Reference

GitLab Connector Settings Reference

Bitbucket Connector Settings Reference

AWS CodeCommit Connector Settings Reference

Git Connector Settings Reference

GitHub Connector Settings Reference

AWS Connector Settings Reference

Kubernetes Cluster Connector Settings Reference

Google Cloud Platform (GCP) Connector Settings Reference

HTTP Helm Repo Connector Settings Reference

Artifactory Connector Settings Reference

Nexus Connector Settings Reference

Docker Connector Settings Reference

Jira Connector Settings Reference

API Permissions Reference

Permissions Reference

Source Code Manager Settings

Authentication Overview

Organizations and Projects Overview

Delegates Overview

Delegate Installation Overview

Harness Secrets Management Overview

Harness Git Experience Overview

Fixed Values, Runtime Inputs, and Expressions

Harness Policy Engine Overview

Input Sets and Overlays

Pipeline Resource Constraints

Harness API Quickstart

Use the Harness REST API

Self-Managed - Kubernetes Cluster: Infrastructure Requirements

Self-Managed - Kubernetes Cluster: Setup Guide

Self-Managed: Support Policy for Kubernetes

Self-Managed - Kubernetes Cluster: Add Ingress Controller Service Annotations

Self-Managed - Virtual Machine: Infrastructure Requirements

Self-Managed - Virtual Machine: Setup Guide

Self-Managed - Virtual Machine: Backup and Recovery

Monitor Self-Managed

Troubleshooting Harness

Harness Security FAQs

Cloud Cost Management (CCM) FAQs

Continuous Delivery (CD) FAQs

Harness Delegate FAQs

Feature Flags (FF) FAQs

Continuous Integration (CI) FAQs

Harness Self-Managed Enterprise Edition Release Notes

Harness SaaS Release Notes

Harness Self-Managed Enterprise Edition Release Notes 2021

Harness SaaS Release Notes 2021

Harness Delegate Docker Image Change Log

All Categories > Security Testing Orchestration > Technical Reference > Security Step Settings Reference

Security Step Settings Reference

Updated 1 week ago by Michael Cretzman

This topic includes all the Security step settings for each of the scanner providers supported by Harness.

For details on using the Security step, see Security Testing Orchestration Quickstart (Public Preview).

Scan Approach Types

Harness Security Testing Orchestration integrates with multiple scanners and targets. Different types of scan approaches can be done on each scanner-target combination:

orchestratedScan: orchestratedScan is fully orchestrated. A new scan is orchestrated and the scan results are normalized and compressed by Security Testing Orchestration.
manualUpload: manualUpload is not orchestrated. Think of this as ingestion-only. For a scan that was done previously (or an earlier step in the a Pipeline), the results are presented to Security Testing Orchestration for normalization and compression.
dataLoad: dataLoad is partially orchestrated. A previously run scan where the results exist in scan tool vendors SaaS. The data is pulled, normalized, and compressed for Security Testing Orchestration.

The scanner, targets, and scan approach combinations are covered in the next section.

Scanners, Target Types, and Scan Approach

The following scanners are supported. See Security Testing Orchestration Quickstart (Public Preview).

Scanner Name	Scan Target Type	Scan Approach
Aqua Trivy	container	orchestratedScan, manualUpload
Bandit	repository	orchestratedScan, manualUpload
Black Duck	repository, container	orchestratedScan, manualUpload
Brakeman	repository	orchestratedScan, manualUpload
Burp	instance	manualUpload
Checkmarx	repository	orchestratedScan, dataLoad, manualUpload
Data Theorem	repository	dataLoad, manualUpload
Docker Content Trust (DCT)	container	orchestratedScan, manualUpload
Docker Content Trust (DCT) (docker-content-trust and clair)	container	orchestratedScan, manualUpload
External (JSON upload v2)	container, repository, instance, configuration	orchestratedScan, manualUpload
Fortify on Demand	repository	orchestratedScan, dataLoad, manualUpload
Metasploit	instance	orchestratedScan, manualUpload
Nessus	instance	orchestratedScan, manualUpload
Nexus IQ	instance	orchestratedScan, manualUpload
Nikto	instance	orchestratedScan, manualUpload
Nmap ("Network Mapper")	instance	orchestratedScan, manualUpload
OpenVAS	instance	orchestratedScan, manualUpload
OWASP	repository	orchestratedScan, manualUpload
Prowler	repository	orchestratedScan, manualUpload
Qualys Web Application Scanning (WAS)	instance	manualUpload
Reapsaw	repository	manualUpload
ShiftLeft	repository	orchestratedScan, dataLoad, manualUpload
Sniper	instance	orchestratedScan, manualUpload
Snyk	container	orchestratedScan, manualUpload
SonarQube SonarScanner	repository	orchestratedScan, dataLoad, manualUpload
Tenable.io	instance	orchestratedScan, dataLoad, manualUpload
Prisma Cloud (formerly Twistlock)	container	orchestratedScan, dataLoad, manualUpload
Veracode	repository	orchestratedScan, dataLoad, manualUpload
WhiteSource	repository	orchestratedScan, manualUpload
JFrog Xray	container	manualUpload
Zed Attack Proxy (ZAP)	instance	orchestratedScan, manualUpload

Test Targets

The following table specifies where the target to be tested is located.

Target Name	Target Type
azure	repository
bitbucket	repository
github	repository
gitlab	repository
local_image	container
docker_v2	container
jfrog_artifactory	container
aws_ecr	container
website	instance

Using Scanner Providers in the Security Step

To use any supported scanner provider in the Harness Security step, you simply need to provide the setting:value pairs for the scanner.

For example, here are the setting:value pairs for Aqua Trivy:

The Aqua Trivy-specific settings are just scan_type and policy_type. The rest of the settings are common to all scanners where the scan_type is container.

The following sections list the setting:value pairs for each provider.

All Scan Types

The following settings apply to all scanners.

scan_type
- accepted values: container, repository, instance, configuration.

Repository Scan Type Settings

The following settings apply to all scanners where the scan_type is repository.

repository_project*
repository_branch*

Container Scan Type Settings

The following settings apply to all scanners where the scan_type is container.

container_project*
container_tag*
container_type
- accepted value(s): local_image, docker_v2, jfrog_artifactory, aws_ecr
  - for container_type set to local
    - None
  - for container_type set to docker_v2
    - container_access_id: Username
    - container_access_token: Password/Token
  - for container_type set to jfrog_artifactory
    - container_access_id: Username
    - container_access_token: Password/Token
  - for container_type set to aws_ecr
    - container_access_id: Username
    - container_access_token: Password/Token
    - container_region: Aws default region
container_domain

Instance Scan Type Settings

The following settings apply to all scanners where the scan_type is instance.

instance_identifier*
instance_environment*
instance_domain
instance_path
instance_protocol
instance_port
instance_type
- accepted value(s): website

Configuration Scan Type Settings

The following settings apply to all scanners where the scan_type is configuration.

configuration_type
- accepted value(s)s: aws_account
configuration_region
configuration_environment
configuration_access_id
configuration_access_token

Aqua Trivy

When product_name is set to aqua-trivy

scan_type
- accepted value(s): container
policy_type
- accepted value(s): orchestratedScan, manualUpload

AWS Security Hub

When product_name is set to aws-security-hub

scan_type
- accepted value(s): configuration
policy_type
- accepted value(s): manualUpload

Bandit

When product_name is set to bandit

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload

Black Duck Open Hub

When product_name is set to blackduckhub

scan_type
- accepted value(s): repository, container
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_domain
- product_auth_type
  - accepted value(s): usernamePassword, apiKey
- product_access_id: api username
- product_access_token api password or api key
- product_api_version
- product_project_name
- product_project_version

Brakeman

When product_name is set to brakeman

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload

Burp

When product_name is set to burp

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): manualUpload

Checkmarx

When product_name is set to checkmarx

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_domain
- product_access_id
- product_access_token
- product_lookup_type
  - accepted value(s): Not Specified, byName
- product_team_name
- product_project_name

Data Theorem

When product_name is set to data-theorem

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): dataLoad, manualUpload
When policy_type is set to dataLoad
- product_app_id
- product_access_token

Docker Content Trust (DCT)

When product_name is set to docker-content-trust

scan_type
- accepted value(s): container
policy_type
- accepted value(s): orchestratedScan, manualUpload

Docker Content Trust (clair)

When product_name is set to docker-content-trust (clair)

scan_type
- accepted value(s): container
policy_type
- accepted value(s): orchestratedScan, manualUpload
product_url
product_access_id
product_access_token

External (JSON upload v2)

When product_name is set to external (json upload v2)

scan_type
- accepted value(s): container, repository, instance, configuration
policy_type
- accepted value(s): manualUpload

Fortify

When product_name is set to fortify

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_license_path: see customer_artifacts

Fortify on Demand

When product_name is set to fortifyondemand

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_domain
- product_access_id
- product_access_token
- product_owner_id
- product_entitlement
- product_scan_type
- product_app_name
- product_release_name
- product_target_language
- product_target_language_version
- product_scan_settings
  - accepted values: Custom, default
- product_audit_type
- product_lookup_type
  - accepted values: Dynamic, Static, Mobile
- product_data_center

Metasploit

When product_name is set to metasploit

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload

Nessus

When product_name is set to nessus

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_domain
- product_access_id
- product_access_token
- product_policy_id
- product_scanner_id
- product_template_uuid

Nexus IQ

When product_name is set to nexusiq

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_domain
- product_access_id
- product_access_token
- product_organization_id
- product_project_name
- product_lookup_type
  - accepted value(s): byPrivateId, byPublicId
- When product_lookup_type is set to byPublicId
  - product_public_id
- When product_lookup_type is set to byPrivateId
  - product_private_id

Nikto

When product_name is set to nikto

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload

Nmap ("Network Mapper")

When product_name is set to nmap

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload

OpenVAS

When product_name is set to openvas

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload
product_domain
product_access_id
product_access_token

OWASP

When product_name is set to owasp

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload

Prowler

When product_name is set to prowler

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload

Qualys Web Application Scanning (WAS)

When product_name is set to qualys

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): manualUpload

Reapsaw

When product_name is set to reapsaw

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): manualUpload

ScoutSuite

When product_name is set to scoutsuite (aws only)

scan_type
- accepted value(s): configuration
policy_type
- accepted value(s): manualUpload

ShiftLeft

When product_name is set to shiftleft

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_access_id
- product_access_token
- product_app_name
- product_target_language

Sniper

When product_name is set to sniper

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload

Snyk

When product_name is set to snyk

scan_type
- accepted value(s): container
policy_type
- accepted value(s): orchestratedScan, manualUpload
product_access_token

SonarQube SonarScanner

When product_name is set to sonarqube

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_domain
- product_access_token
- product_lookup_type
- product_project_name
- product_project_key
- product_exclude
- product_java_binaries
- product_java_libraries

Tenable.io

When product_name is set to tenableio

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_domain
- product_access_id
- product_access_token
- product_policy_id
- product_scanner_id
- product_template_uuid

Prisma Cloud (formerly Twistlock)

When product_name is set to twistlock

scan_type
- accepted value(s): container
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
When policy_type is set to orchestratedScan or dataLoad
- product_image_name
- product_domain
- product_access_id
- product_access_token

Veracode

When product_name is set to veracode

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, dataLoad, manualUpload
product_auth_type
- accepted value(s): ['usernamePassword', 'apiKey']
product_access_id: username / keyId
product_access_token: password / key
product_app_id
product_project_name

WhiteSource

When product_name is set to whitesource

scan_type
- accepted value(s): repository
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_domain
- product_access_id
- product_access_token
- product_include
- product_exclude
- product_lookup_type
  - accepted value(s): Not Set, byName, byTokens, appendToProductByToken, appendToProductByName
- product_product_name
- product_project_name
- product_product_token
- product_project_token

JFrog Xray

When product_name is set to xray

scan_type
- accepted value(s): container
policy_type
- accepted value(s): manualUpload

Zed Attack Proxy (ZAP)

When product_name is set to zap

scan_type
- accepted value(s): instance
policy_type
- accepted value(s): orchestratedScan, manualUpload
When policy_type is set to orchestratedScan
- product_context_name: see customer_artifacts

Security Step Settings Reference

Scan Approach Types

Scanners, Target Types, and Scan Approach

Test Targets

Using Scanner Providers in the Security Step

All Scan Types

Repository Scan Type Settings

Container Scan Type Settings

Instance Scan Type Settings

Configuration Scan Type Settings

Aqua Trivy

AWS Security Hub

Bandit

Black Duck Open Hub

Brakeman

Burp

Checkmarx

Data Theorem

Docker Content Trust (DCT)

Docker Content Trust (clair)

External (JSON upload v2)

Fortify

Fortify on Demand

Metasploit

Nessus

Nexus IQ

Nikto

Nmap ("Network Mapper")

OpenVAS

OWASP

Prowler

Qualys Web Application Scanning (WAS)

Reapsaw

ScoutSuite

ShiftLeft

Sniper

Snyk

SonarQube SonarScanner

Tenable.io

Prisma Cloud (formerly Twistlock)

Veracode

WhiteSource

JFrog Xray

Zed Attack Proxy (ZAP)

Please Provide Feedback

People also searched for Supported Platforms and Technologies HTTP Step Reference Shell Script Step Reference

Feedback

People also searched for

Supported Platforms and Technologies

HTTP Step Reference

Shell Script Step Reference