May 6, 2024

Harness partners with Semgrep through integration of SAST scanners in Harness STO
Last month, we rolled out a set of built-in security scanners for Harness STO to create an easy on-ramp to shift-left security: users can add a preconfigured scan step that is ready to run with a single click. Our default choice for Static Application Security Testing (SAST) within that set is Semgrep.

Semgrep is an application security platform that helps automate and manage SAST, supply chain, and secrets scanning at scale. We're excited to announce that we've partnered with Semgrep by integrating Semgrep Code and Semgrep's open source SAST scanner with Harness STO!

Figures 1 and 2: Semgrep Open Source is the default SAST scanner for Harness STO

Figure 3: Harness Step Library now includes Semgrep Open Source and Semgrep Code under SAST scanners

Figure 4: Semgrep Open Source and Semgrep Code (via Access Token) SAST configuration within Harness STO

Given our goal of simplifying shift-left security for users, we have now enabled native orchestration of the Semgrep Open Source and Semgrep Code SAST scanners. Harness STO users can scan a code repository and ingest the results with little to no manual configuration. STO then normalizes, deduplicates, and prioritizes the vulnerabilities and provides developers with AI-based remediation guidance.

Harness STO users can get started with Semgrep Open Source and then seamlessly upgrade to Semgrep Code for SAST scanning by providing their access token in the step configuration. The upgrade adds analysis capabilities and code coverage through interfile analysis and Pro rules, resulting in more true positive findings and fewer false positives.

“We’re thrilled to partner with Harness to enable easy access and configurability of Semgrep’s products from the Harness STO module's interface,” said Luke O’Malley, Chief Product Officer. “Joint customers will accelerate time to value when deploying Semgrep’s products, especially in complex hybrid environments.”

Want to learn more about how Harness STO and Semgrep help you shift security left? Visit the STO product page or sign up for a demo with one of our experts!
