Feature Requests

We would to leverage “Dastardly” DAST tool in Harness. Pls do the needful. Dastardly: https://portswigger.net/burp/dastardly

Currently STO module isn't listed in the selection of resources within resource group. Although the users have the necessary roles assigned to the view entities within STO, they will need have "all" the resources selected in the resource groups if not they are presented with a 403 forbidden error on the UI. Having granularity to select STO objects will be beneficial.

We need the Sonarqube step to be supported on Arm64 architecture. We have had to write a custom transform to ingest the results since this is not supported.

Currently the prisma STO step is marked as success even if "Vulnerability threshold check" result is "failed". We need to ensure that the execution fails if the "Vulnerability Threshold Check" fails.

I would like to place a bug report for hopefully then next upgrade to the Anchore Plugin. The current plugin is extremely limited, at least as far as I can tell. We would like to have the anchorectl switch -t non-os working so that CVE's shown to our deveopers in Security Tests will only show the application data CVEs that they need to be concerned with. An example from cli might be like the following: anchorectl image add rockylinux:9-ubi | anchorectl image vulnerabilities rockylinux:9-ubi -t non-os The standard command is as follows: "anchorectl image vulnerabilities myimage:latest -t non-os". So this is the image vulnerability scan which is likely different to the add command being used by the plugin. "anchorectl image add myimage" "anchorectl image vulnerabilities myimage -t non-os -o json" To be clear it needs to do both. Add the image then create a report with non-os data converted to Harness acceptable for ingest

STO Ingestion only supports Sarif file format natively. We need the ability to also ingest JSON and TXT formats.

Hello dear support team, looking for your kind support for adding following plugins: . Checkmarx native plugin for checkmarx one . Fluid attacks native plugin It's a very nice feature the integration of results for several AST tools anyways those I mentioned are not available Thanks

Mend has a newer CLI tool and v3.0 API, and is compatible with Mend’s SCA, SAST, and Container scanners We'd like to have the Mend Runner updated, so that these new functions can be utilized

Good Day, we are currently using Anchore via your image which uses anchorectl to generate a Security Testing report. The report is being created without issue. However, the report includes the base layer of the image as well as application data. We would like the report to only show the application data layer. For example we have things like VIM or Ubi8 os related library file CVEs. This is confusing our customers as they are only concerned with there application data and what they need to remedy within their source code. Thank You.

Feature request to support using Google scan natively in STO. Currently it seems that scan result ingestion is not supported, even when attempting to use JSON format. Is there any plans to support Google scans in the near future? Here is what we attempted: We created a custom step in our template to utilize a service account with the proper permissions to use "gcloud artifacts docker images scan" command output format to JSON. We then got the scan id result to use with the next command "gcloud artifacts docker images list-vulnerabilities" and also convert it to JSON file. However, the next step to use a custom ingestion for the security test does not work and ends up in a "Failed to load raw issues: Expecting value: line 1 column 1 (char 0)" error.