Today, we are announcing a new module in the Harness Software Delivery Platform that helps developers maintain high velocity while also ensuring the application services are highly secure. Harness Security Testing Orchestration (STO) was designed to make it easier for teams to adopt the popular shift-left security approach known as DevSecOps.
Harness Security Testing Orchestration is for teams that want to reduce the time and effort associated with interpreting, analyzing, and remediating the application vulnerabilities detected by security scanners. With Harness STO, you no longer need to choose between velocity and security. It puts guardrails in place to enforce compliance with security policies while performing the heavy lifting that typically slows down the velocity of the engineering team.
With Harness STO, you can reduce time spent manually parsing through data from multiple scanners, or trying to figure out what to remediate. STO supercharges your existing security scanners so your engineering teams can maintain their velocity while delivering highly secure application services.
Adopting DevSecOps Practices
Harness STO was designed to help companies of all sizes adopt and implement a DevSecOps approach while avoiding these common challenges:
- Significant rework to unwind and retest vulnerable code.
- Toil determining what needs fixing.
- Toil determining priority for fixing.
- Difficulty standardizing security policies.
- Inability to drive app scanning consistency.
- Problems understanding current app vulnerability state.
- Difficulty tracking and applying security exceptions.
Achieving Excellence in DevSecOps
Harness STO is a solution for engineering AND DevOps teams. Within STO, teams create policies that define which scanners should be used and what criteria constitute pass or fail. STO users also create security guardrails within their CI/CD pipelines. These guardrails determine whether or not pipelines are allowed to proceed to the next stage. Security scanner results are used to drive the behavior of the security guardrails.
The output of the security scanners is collected by Harness STO, which then normalizes, deduplicates, and correlates all of the disparate information. The result is a prioritized list of vulnerabilities and suggested remediation, which took no effort by engineering or DevOps to create.
STO can be used with Harness CI/CD or with the CI/CD tooling of your choosing. Security pipeline steps can be invoked via API calls for the ultimate flexibility with the added benefit of centralized and correlated scanner results. Velocity and security no longer need to be mutually exclusive.
Delivering highly secure applications is a team effort. To achieve success, each team should use the right scanners at the right stages of software delivery. Engineering teams want to deliver secure applications, but they also need to maintain velocity while doing so.
Interested in learning more or getting started with Harness Security Testing Orchestration? Click here for more information.