API or CLI commands to retrieve STO Analysis results in PDF/JSON format
complete
Teal Hoverfly
We have a requirement to download the STO security test output results in PDF format to send Email post STO analysis from the pipeline.
Pritesh Chandaliya
complete
Background: United Airlines requested a feature that allows them to automate the scheduled delivery of PDFs via email, containing all vulnerabilities found in the pipeline execution.
Currently, the custom dashboard only provides vulnerabilities present in the baseline and not from all pipeline executions against non-baseline targets. We’ve developed this feature specifically for United, and we appreciate your patience while we worked on it.
To enable this feature, we need your permission. Once you approve, we will enable the flag, which will add a new dashboard called STO All Issues Summary Dashboard.
After that, please follow the steps in the attached PDF. To find the dashboard ID, go to your account, click on the new dashboard, and the URL will display the ID number. Since we haven’t enabled this feature for all customers, it’s unique to your account.
Let me know if you have any questions. I’m happy to hop on a call to clarify the setup.
Pritesh Chandaliya
in progress
Should be available in 2 weeks
Pritesh Chandaliya
next fiscal quarter
We have prioritized the efforts for the coming quarter, Q2 (May to July).
Beryl Dormouse
long-term
Planning for implementation in Q1 2024
Maximillian Printz
For reference, here is what we see in Harness today.
Please see below for suggestions.
1) To always send an email with the scan results, you can use this method. https://developer.harness.io/docs/security-testing-orchestration/use-sto/view-and-troubleshoot-vulnerabilities/email-notifications/
2) You could set up a pipeline event notification, and then create an OPA policy check on whether the pipeline has any vulnerabilities, and then email on an OPA failure.
Beryl Dormouse
under review