
Commit ea427a5

tejakummarikuntla (Harness) authored and committed
STO: Restructure New to STO Section (#100242)
* dc5dd5 Add redirects
* bb49e9 Restructure New to STO section
1 parent 9f2c35d commit ea427a5

121 files changed, +792 −557 lines (large commit; only some of the changed files are shown below)

docs/continuous-delivery/gitops/get-started/harness-gitops-vs-argocd.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ This comparison dives into the key capabilities of ArgoCD vs. Harness GitOps, he
2323
| SSO | Supports [SSO](https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/) with OAuth2, OIDC, LDAP, SAML but requires manual configuration via ConfigMap. | Harness supports multiple [identity providers (IdPs)](/docs/platform/authentication/multiple-identity-providers) for user authentication using SAML. Seamless [SSO](/docs/platform/authentication/single-sign-on-saml) integration in your Harness account with enterprise identity providers like Okta,LDAP,SAML etc. with a UI-based setup. |
2424
| Multi-Cluster Management | **Cluster Registration**: By default, ArgoCD manages applications in the same cluster where it is installed. Additional clusters must be manually registered using the ArgoCD CLI (`argocd cluster add <cluster-name>`). | Harness provides automated cluster registration through the UI. No need for manual CLI commands, unlike ArgoCD. All clusters are managed from a single control plane, reducing complexity. Users can deploy applications across multiple clusters with unified visibility. |
2525
| Support & SLAs| Community-based support | Community-based support and dedicated enterprise support with SLAs for critical environments, ensuring faster issue resolution and system uptime. |
26-
| Security Testing Orchestration (STO) | ArgoCD itself does not provide built-in security scanning but can be integrated with third-party security tools like BlackDuck, Snyk, Trivy, and SonarQube for security checks. | Harness allows users to natively integrate [Security Testing Orchestration (STO)](/docs/security-testing-orchestration/get-started/overview) without needing separate CI/CD steps in their GitOps PR Pipeline. |
26+
| Security Testing Orchestration (STO) | ArgoCD itself does not provide built-in security scanning but can be integrated with third-party security tools like BlackDuck, Snyk, Trivy, and SonarQube for security checks. | Harness allows users to natively integrate [Security Testing Orchestration (STO)](/docs/security-testing-orchestration/overview) without needing separate CI/CD steps in their GitOps PR Pipeline. |
2727
| Notifications | Uses ArgoCD Notifications Controller, supports Slack, Email, Webhooks, MS Teams (requires manual setup). | Users can leverage [notifications](/docs/continuous-delivery/x-platform-cd-features/cd-steps/notify-users-of-pipeline-events.md) for their PR pipeline with UI based configuration, supporting Slack, MS Teams, Email, Webhooks, Jira. |
2828
| Dashboard | Basic UI for monitoring sync status and application health | <li>Harness provides a GitOps Dashboard that displays essential GitOps-related information, including the number of clusters, applications, and repositories, along with application sync and health status.</li><li> Users can also utilize the [Service Dashboard](/docs/continuous-delivery/monitor-deployments/monitor-cd-deployments) to view deployed instances along with their counts as well as Application details synced via Harness Pipeline.</li><li> Additionally, Harness supports [Custom Dashboards](/docs/continuous-delivery/monitor-deployments/using-cd-custom-dashboards#deployments-and-services-v2-behind-ff), allowing users to create customizable dashboards to monitor their deployment activities for GitOps PR Pipelines.</li> |
2929
| Terraform support | No native Terraform support; requires external tools like the ArgoCD Terraform Controller. | Harness supports all entities using [Terraform](https://developer.harness.io/docs/platform/automation/terraform/harness-terraform-provider-overview/), allowing users to automate pipelines, GitOps agents, and applications. |
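Review bot: the STO overview link on line 26 drops the `get-started/` path segment, but this is not applied consistently across the commit: the IDP plugin doc (sto-integration.md, unchanged line 99) still links `/docs/security-testing-orchestration/get-started/overview/`, and faqs.md line 200 now points readers at `/docs/security-testing-orchestration/get-started`. If `get-started/overview` is being retired, update the remaining link as well or confirm the redirect added in dc5dd5 covers it; if it still exists, the two overview links should at least agree. Unrelated to the change itself but in the shown context, line 23 reads `Okta,LDAP,SAML etc.` with no spaces after the commas.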

docs/internal-developer-portal/plugins/available-plugins/harness-native-plugins/sto-integration.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ This integration makes security a first-class citizen in the IDP ecosystem, impr
9797

9898
* [Scorecards Overview](https://developer.harness.io/docs/internal-developer-portal/scorecards/scorecard/)
9999
* [Getting Started with STO](https://developer.harness.io/docs/security-testing-orchestration/get-started/overview/)
100-
* [Create Test Targets in STO](https://developer.harness.io/docs/security-testing-orchestration/get-started/key-concepts/targets-and-baselines/)
100+
* [Create Test Targets in STO](https://developer.harness.io/docs/security-testing-orchestration/key-concepts/targets-and-baselines/)
101101

102102
## How It Works
103103

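Review bot: line 100 moves the targets link out of `get-started/`, but the unchanged line 99 directly above it still points to `.../security-testing-orchestration/get-started/overview/`, while the gitops comparison doc in this same commit changes that path to `.../security-testing-orchestration/overview`. Either update line 99 here in the same pass or confirm `get-started/overview` is meant to survive the restructure.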
@@ -169,7 +169,7 @@ spec:
169169
170170
### 2. STO Test Target Annotation
171171
172-
The `harness.io/sto-test-target` annotation links an IDP component to the scan targets that Harness STO processes during its own, separate pipeline executions. These scan targets serve as the bridge between STO's test results and the corresponding IDP entity, ensuring that findings are accurately associated. You can always know more about [Creating Test Targets in STO](https://developer.harness.io/docs/security-testing-orchestration/get-started/key-concepts/targets-and-baselines/) from our docs.
172+
The `harness.io/sto-test-target` annotation links an IDP component to the scan targets that Harness STO processes during its own, separate pipeline executions. These scan targets serve as the bridge between STO's test results and the corresponding IDP entity, ensuring that findings are accurately associated. You can always know more about [Creating Test Targets in STO](https://developer.harness.io/docs/security-testing-orchestration/key-concepts/targets-and-baselines/) from our docs.
173173

174174
The targets can be of two types:
175175
1. **Source Code (Git-based)**

docs/security-testing-orchestration/custom-scanning/custom-scan-reference.md

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ configuration
138138

139139
#### Policy type
140140

141-
The [scan mode](/docs/security-testing-orchestration/get-started/key-concepts/sto-workflows-overview) to use.
141+
The [scan mode](/docs/security-testing-orchestration/key-concepts/sto-workflows-overview) to use.
142142

143143
##### Key
144144
```
@@ -228,4 +228,3 @@ import ScannerRefAdditionalConfigs from '/docs/security-testing-orchestration/st
228228
import ScannerRefAdvancedSettings from '/docs/security-testing-orchestration/sto-techref-category/shared/advanced-settings.md';
229229

230230
<ScannerRefAdvancedSettings />
231-

docs/security-testing-orchestration/custom-scanning/ingesting-issues-from-other-scanners.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@ You can ingest custom issues from any scanning tool. STO supports a generic JSON
3737
```
3838
3939
2. Generate your issues data in the [required JSON format](#jaon-data-format-reference) described below and then save it in the shared folder.
40-
You might want to set up a Run step to generate your scans automatically whenever the pipeline runs. Go to [Ingest Scan Results into an STO Pipeline](../get-started/key-concepts/ingest-scan-results-into-an-sto-pipeline.md) for an example.
40+
You might want to set up a Run step to generate your scans automatically whenever the pipeline runs. Go to [Ingest Scan Results into an STO Pipeline](/docs/security-testing-orchestration/key-concepts/ingest-scan-results-into-an-sto-pipeline) for an example.
4141
4242
3. Add a **Custom Ingest** step and configure the scanner to ingest the results of the scan. For information about how to configure this step, go to [Custom Ingest settings reference](/docs/security-testing-orchestration/custom-scanning/custom-ingest-reference).
4343
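Review bot: converting the relative link on line 40 to an absolute `/docs/...` path is fine, but the unchanged line 39 immediately above links to the anchor `#jaon-data-format-reference`, which looks like a typo for `#json-data-format-reference`. Since this restructure is already touching links in this file, fix that anchor in the same commit.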
@@ -376,7 +376,7 @@ This command uses the filter to generate the correctly formatted output.
376376
else 3
377377
end
378378
),
379-
status: "open",
379+
status: (issue.status // "open"),
380380
referenceIdentifiers: [
381381
{
382382
type: (if (.name | startswith("CVE-")) then "cve"
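Review bot: the change to `status: (issue.status // "open")` on line 379 is a behavioural change to the jq filter, not a link move, and neither commit message ("Add redirects", "Restructure New to STO section") mentions it. It also looks wrong as jq: `issue` is not a path expression, so unless a function `issue` or a variable `$issue` is defined earlier in the filter this fails with `issue/0 is not defined`. The neighbouring line 382 reads the current object with `.name`, so the intended expression is presumably `status: (.status // "open")`. This belongs in its own commit, with the sample output in the doc updated to match.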

docs/security-testing-orchestration/dashboards/security-testing-dashboard.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ The **Security Testing Dashboard** provides an overview of security issues ident
1111

1212
:::note
1313
- This dashboard requires an **Enterprise** account.
14-
- This dashboard shows only results for targets that have baselines defined. You should [define a baseline for every target](/docs/security-testing-orchestration/get-started/key-concepts/targets-and-baselines) in your project.
14+
- This dashboard shows only results for targets that have baselines defined. You should [define a baseline for every target](/docs/security-testing-orchestration/key-concepts/targets-and-baselines) in your project.
1515
:::
1616

1717
The dashboard includes the following sections:

docs/security-testing-orchestration/exemptions/issue-exemption-workflow.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -92,10 +92,10 @@ This topic assumes that you have the following:
9292
9393
STO supports two methods for specifying failure criteria:
9494
95-
- [Fail on Severity](/docs/security-testing-orchestration/get-started/key-concepts/fail-pipelines-by-severity) Every scan step has a Fail on Severity setting that fails the step if the scan detects any issues with the specified severity or higher.
95+
- [Fail on Severity](/docs/security-testing-orchestration/key-concepts/fail-pipelines-by-severity) Every scan step has a Fail on Severity setting that fails the step if the scan detects any issues with the specified severity or higher.
9696
9797
- [OPA policies](/docs/security-testing-orchestration/policies/create-opa-policies) You can use Harness Policy as Code to write and enforce policies based on severity, reference ID, title, CVE age, STO output variables, and number of occurrences.
9898
9999
* At least one successful build with a set of detected security issues.
100-
* Security Testing Developer or [Security Testing AppSec](/docs/security-testing-orchestration/get-started/onboarding-guide#add-security-testing-roles) user permissions are required to [request exemptions](#request-an-sto-exemption).
100+
* Security Testing Developer or [Security Testing AppSec](/docs/security-testing-orchestration/rbac) user permissions are required to [request exemptions](#request-an-sto-exemption).
101101
* Only Security Testing AppSec users can [review, approve, reject,](#review-an-sto-exemption) and [update](#good-practice-review-and-update-sto-exemptions-periodically) exemptions. -->
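Review bot: line 100 replaces the deep link `onboarding-guide#add-security-testing-roles` with the bare `/rbac` page and drops the anchor; check that the RBAC page has a section covering the Security Testing Developer and AppSec roles, otherwise the reader lands on a generic page with no pointer to role setup. Also note that line 101 ends with `-->`, so this whole prerequisites block is inside an HTML comment and is not rendered; the link fix is harmless, but confirm the block is meant to stay commented out rather than being restored as part of the restructure.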

docs/security-testing-orchestration/exemptions/manage-exemptions.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -101,9 +101,9 @@ Clicking **Cancel** on an exemption request immediately removes it from the syst
101101

102102
## Best Practices
103103

104-
- A user with the [Security Testing AppSec](/docs/security-testing-orchestration/get-started/onboarding-guide#add-security-testing-roles) role should periodically review all exemptions and update their statuses as needed.
104+
- A user with the [Security Testing AppSec](/docs/security-testing-orchestration/rbac) role should periodically review all exemptions and update their statuses as needed.
105105

106-
- Always [define a baseline for every target](/docs/security-testing-orchestration/get-started/key-concepts/targets-and-baselines#every-target-needs-a-baseline). If a target doesn’t have a baseline, exemption details won’t be visible. Instead, you’ll see a link prompting you to define the target’s baseline.
106+
- Always [define a baseline for every target](/docs/security-testing-orchestration/key-concepts/targets-and-baselines#every-target-needs-a-baseline). If a target doesn’t have a baseline, exemption details won’t be visible. Instead, you’ll see a link prompting you to define the target’s baseline.
107107
<img src={baseline_not_defined} alt="Can't view exemption details because the target has no baseline" height="50%" width="50%" />
108108

109109
- You can view the **Time Remaining** for approved exemptions and the **Requested Duration** for pending, rejected, and expired requests.
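Review bot: line 104 drops the `#add-security-testing-roles` anchor when retargeting to `/rbac`, and line 106 keeps the `#every-target-needs-a-baseline` anchor while moving the page from `get-started/key-concepts/` to `key-concepts/`. Confirm both: that the RBAC page has a role-setup section to link to, and that the `Every target needs a baseline` heading survived the page move, since a stale anchor silently degrades to the top of the page.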

docs/security-testing-orchestration/faqs.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -97,7 +97,7 @@ By ingesting your custom issues, you can benefit from STO's refinement, deduplic
9797

9898
## How does STO identify new issues and display them in the UI?
9999

100-
You can define a [_baseline_](/docs/security-testing-orchestration/get-started/key-concepts/targets-and-baselines) for each target. The baseline is the object that you want to update. For example, your scan target might be a codebase for a specific service that you're looking to update. You specify the `main` branch as the baseline. You run scans on the `main` branch and any number of non-main branches. Each scan has its own set of identified issues.
100+
You can define a [_baseline_](/docs/security-testing-orchestration/key-concepts/targets-and-baselines) for each target. The baseline is the object that you want to update. For example, your scan target might be a codebase for a specific service that you're looking to update. You specify the `main` branch as the baseline. You run scans on the `main` branch and any number of non-main branches. Each scan has its own set of identified issues.
101101

102102
STO identifies an issue as "new" like this:
103103

@@ -125,7 +125,7 @@ Harness supports two RBAC roles specifically for STO users. You can customize th
125125

126126
* **AppSec** role — Permissions needed for Application Security or Security Operations staff. This role includes all Developer permissions and also allows users to approve security exemptions.
127127

128-
These workflows are covered in [Add Security Testing roles](/docs/security-testing-orchestration/get-started/onboarding-guide#add-security-testing-roles).
128+
These workflows are covered in [Add Security Testing roles](/docs/security-testing-orchestration/rbac).
129129

130130
## How do I set up a CheckMarx scan step in YAML?
131131

@@ -197,7 +197,7 @@ The following diagram illustrates the three stages in the STO deduplication pipe
197197
198198
STO maintains its own set of container images pre-installed with open-source scanners such as Bandit, OWASP, Zap, Prowler, and Aqua Trivy. This makes it easy to get started running scans and generating results. The STO UI uses one format to report all detected issues and includes in-depth information about each detected issue: location, severity, and links to in-depth information, and so on.
199199
200-
To get started, go to [Get started with STO](/docs/category/get-started-with-sto).
200+
To get started, go to [Get started with STO](/docs/security-testing-orchestration/get-started).
201201
202202
## Why don't I see results from specific scans in the Security Testing Dashboard?
203203

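Review bot: line 200 changes the generated Docusaurus category URL `/docs/category/get-started-with-sto` to `/docs/security-testing-orchestration/get-started`, while elsewhere in this commit pages are being moved out of `get-started/` (overview, key-concepts, onboarding-guide). Confirm that a doc actually resolves at that path after the restructure (for example an index doc in `get-started/`); the old `/docs/category/...` URL was the auto-generated category index, which will not exist at the new path unless a document or redirect provides it.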