Expose STO vulnerability data from scan steps to allow customers to write OPA policies against the scan results. | Feature Requests | harness

Expose STO vulnerability data from scan steps to allow customers to write OPA policies against the scan results.

complete

Tight Swordfish

Expose STO vulnerability data from scan steps to allow customers to write OPA policies against the scan results.
Ability to get vulnerability data from STO API
Pipe STO data to OPA policy management
Evaluate OPA policies against STO data for STO steps
Add new OPA entity type for STO data
Create out-of-the-box OPA policies for STO use cases

Created by abhinandan.parashar

January 18, 2024

Pritesh Chandaliya

marked this post as

complete

Pritesh Chandaliya

This is now available on all the production clusters and ready to use.

You can find the docs here - https://developer.harness.io/docs/security-testing-orchestration/use-sto/stop-builds-based-on-scan-results/stop-pipelines-using-opa

Pritesh Chandaliya

This is already released in the pre-production and will be available on all the production environment in couple of weeks.
Release notes including documentation on how to use the sample policy and how to customize policies will be released at the same time. 
We will have 7 sample OOB policies including 2 at the pipeline level and rest at the STO step level.
Thanks!