STO Tutorials
Your first pipeline, targeted quickstarts, and build-scan-push workflows.
Your first STO pipeline
Set up a simple pipeline with one scanner, run scans, analyze the results, and learn the key features of STO.
SAST code scans using Semgrep
Scan a codebase using Semgrep
DAST app scans using Zed Attack Proxy (ZAP)
Scan a web app using ZAP
Container image scans with Aqua Trivy
Scan a container image using Aqua Trivy
Trigger automated scans using GitLab merge requests
Launch pipeline builds and scans automatically based on GitLab merge requests.
Create a build-scan-push pipeline (STO only)
Launch pipeline builds and scans automatically based on GitLab merge requests.
Create a build-scan-push pipeline (STO and CI)
Launch pipeline builds and scans automatically based on GitLab merge requests.