STO set default scan results for different scan tools
long-term
T
Tan Cod
STO has it's own way of calculating vulnerabilities than that of the scan tool. We'd like the ability to use the specific calculation of the scan tool instead of what STO returns. For example, we have a medium severity vulnerability reported by Prisma Scan that Harness is reporting as high/critical. Although Harness does provide the raw scan results from the scanner, we'd like the ability to set the default results to be from Prisma instead of taking the calculation from STO in the Harness UI.
Log In
Pritesh Chandaliya
long-term
Pritesh Chandaliya
under review
We normalize the data across all the scanners and use NVD data for prioritization. That is the reason STO has a separate severity from the scanner.
We will look into it, and update you on the ETA.
For now, you can always use the raw data fields for referring the scanner specific fields.