May 6, 2024

Harness partners with Semgrep through integration of SAST scanners in Harness STO


Announcing Harness's partnership with Semgrep, featuring the integration of Semgrep open source SAST and Semgrep Code into Harness STO

Last month, we rolled out a set of built-in security scanners for Harness STO to create an easy on-ramp to shift-left security: users add a preconfigured scan step that is ready to run with one click. Our default choice for Static Application Security Testing (SAST) within that set is Semgrep.

Semgrep is an application security platform that helps automate and manage SAST, supply chain, and secrets scanning at scale. We’re excited to announce that we’ve partnered with Semgrep through the integration of Semgrep Code and Semgrep’s open source SAST with Harness STO!

Figures 1 and 2: Semgrep Open Source is the default SAST scanner for Harness STO

Figure 3: Harness Step Library now includes Semgrep Open Source and Semgrep Code under SAST scanners

Figure 4: Semgrep Open Source and Semgrep Code (via Access Token) SAST configuration within Harness STO

Given our goal of simplifying shift-left security for users, we have now enabled native orchestration of the Semgrep Open Source and Semgrep Code SAST scanners. Harness STO users can scan a code repository and ingest the results with little to no manual configuration. STO then normalizes, deduplicates, and prioritizes the vulnerabilities, providing developers with AI-based remediation guidance.

Harness STO users can get started with Semgrep Open Source and then upgrade to Semgrep Code for SAST scanning by supplying a Semgrep access token in the step configuration. The token should be stored as a secret rather than written directly into the pipeline definition. The upgrade brings additional analysis capabilities and code coverage through interfile analysis and Pro rules, resulting in more true-positive findings and fewer false positives.

“We’re thrilled to partner with Harness to enable easy access and configurability of Semgrep’s products from the Harness STO module's interface,” said Luke O’Malley, Chief Product Officer. “Joint customers will accelerate time to value when deploying Semgrep’s products, especially in complex hybrid environments.”

Want to learn more about how Harness STO and Semgrep help you shift security left? Visit the STO product page or sign up for a demo with one of our experts!
