diff --git a/docs/security-testing-orchestration/sto-techref-category/anchore-enterprise-scanner-reference.md b/docs/security-testing-orchestration/sto-techref-category/anchore-enterprise-scanner-reference.md index 5053e02cdf2..db30f486605 100644 --- a/docs/security-testing-orchestration/sto-techref-category/anchore-enterprise-scanner-reference.md +++ b/docs/security-testing-orchestration/sto-techref-category/anchore-enterprise-scanner-reference.md @@ -12,41 +12,25 @@ sidebar_position: 20

-You can scan your container images with [Anchore Enterprise](https://docs.anchore.com/current/docs/). +The **Anchore Enterprise** step in Harness STO lets you scan your container images using [Anchore Enterprise](https://docs.anchore.com/current/docs/). +This step supports the following scan modes: [Orchestration](#anchore-enterprise-orchestration-example), [Extraction](#scan-mode), and [Ingestion](#scan-mode). -## Important notes for running Anchore Enterprise scans in STO +Before running Anchore Enterprise scans in STO, make sure the following requirements are met: -### Anchore Enterprise requirements +- **Anchore API and Version Compatibility**: Use the **Anchore v2 API** and **Anchore Enterprise Server v5.0 or later** when running [Orchestration](#anchore-enterprise-orchestration-example) or [Extraction](#scan-mode) scan modes. +- **Server Configuration**: When deploying your Anchore Enterprise server, ensure that **port 8228** is exposed. Harness uses this port to communicate with the Anchore server. +- **Air-Gapped Environments**: If you’re using this step in an air-gapped setup, review the following Anchore documentation for setup and feed synchronization guidance: + - [Running Anchore Enterprise in an Air-Gapped Environment](https://docs.anchore.com/3.0/docs/overview/air_gapped) + - [Anchore Enterprise Feeds](https://docs.anchore.com/current/docs/overview/feeds) -- You must use the Anchore v2 API and Anchore Enterprise Server v5.0 or higher to run orchestration and extraction scans. -When you deploy an Anchore Enterprise server, expose port 8228. Harness uses this port to communicate with the server. +:::info +- To run scans as a non-root user, you can use custom STO scan images and pipelines. See [Configure your pipeline to use STO images from private registry](/docs/security-testing-orchestration/use-sto/set-up-sto-pipelines/configure-pipeline-to-use-sto-images-from-private-registry). 
+- STO supports multiple workflows for loading self-signed certificates. See [Run STO scans with custom SSL certificates](/docs/security-testing-orchestration/use-sto/secure-sto-pipelines/ssl-setup-in-sto#supported-workflows-for-adding-custom-ssl-certificates). +::: -### All data ingestion methods are supported -You can run Orchestration, Extraction, and Ingestion workflows with Anchore Enterprise. This topic includes an [Orchestration pipeline example](#anchore-enterprise-orchestration-example) below. - -### Scans in air-gapped environments are supported - -You can run Anchore Enterprise scans in air-gapped environments. For more information, go to the Anchore Enterprise documentation: - -- [Running Anchore Enterprise in an Air-Gapped Environment](https://docs.anchore.com/3.0/docs/overview/air_gapped) -- [Anchore Enterprise Feeds](https://docs.anchore.com/current/docs/overview/feeds) - -### Root access requirements - -import StoRootRequirements from '/docs/security-testing-orchestration/sto-techref-category/shared/root-access-requirements.md'; - - - -### For more information - -import StoMoreInfo from '/docs/security-testing-orchestration/sto-techref-category/shared/more-information.md'; - - - - -## Anchore Enterprise step settings in STO +## Anchore Enterprise step settings The recommended workflow is to add an Anchore Enterprise step to a Build or Security stage and then configure it as described below. @@ -61,6 +45,9 @@ import StoSettingScanModeData from './shared/step-palette/scan/mode/extraction.m import StoSettingScanModeIngest from './shared/step-palette/scan/mode/ingestion.md'; + +Refer to the [Orchestration setup](#anchore-enterprise-orchestration-example) section below to learn how to configure the **Orchestration** scan mode. + 
@@ -71,6 +58,11 @@ import StoSettingProductConfigName from './shared/step-palette/scan/config-name. +This option allows you to set the Anchore's `VULN_TYPE` parameter. This setting filters the records returned to STO; it does not change how Anchore analyzes images. + +- **Default** or **All**: Combination report containing both **OS** and **Non-OS** vulnerability records. +- **OS**: Vulnerabilities against operating system packages (RPM, DPKG, APK, etc.). +- **Non-OS**: Vulnerabilities against language packages (NPM, GEM, Java Archive (jar, war, ear), Python PIP, .NET NuGet, etc.). ### Target @@ -334,6 +326,3 @@ pipeline: ``` - - - diff --git a/docs/security-testing-orchestration/sto-techref-category/github-advanced-security.md b/docs/security-testing-orchestration/sto-techref-category/github-advanced-security.md index b480a73fc9d..3a05c68ffe8 100644 --- a/docs/security-testing-orchestration/sto-techref-category/github-advanced-security.md +++ b/docs/security-testing-orchestration/sto-techref-category/github-advanced-security.md 
@@ -20,7 +20,7 @@ The GitHub Advanced Security (GHAS) step in Harness STO enables you to scan your :::info - To run scans as a non-root user, you can use custom STO scan images and pipelines. See [Configure your pipeline to use STO images from private registry](/docs/security-testing-orchestration/use-sto/set-up-sto-pipelines/configure-pipeline-to-use-sto-images-from-private-registry). -- STO supports multiple workflows for loading self-signed certificates. See [Run STO scans with custom SSL certificates](/docs/security-testing-orchestration/use-sto/secure-sto-pipelines/ssl-setup-in-sto/#supported-workflows-for-adding-custom-ssl-certificates). +- STO supports multiple workflows for loading self-signed certificates. See [Run STO scans with custom SSL certificates](/docs/security-testing-orchestration/use-sto/secure-sto-pipelines/ssl-setup-in-sto#supported-workflows-for-adding-custom-ssl-certificates). ::: ## GitHub Advanced Security step settings
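Review bot: In anchore-enterprise-scanner-reference.md, hunk `@@ -12,41 +12,25 @@`, the **Air-Gapped Environments** bullet links to `https://docs.anchore.com/3.0/docs/overview/air_gapped`, a 3.0 documentation path, while the first bullet of the same list requires Anchore Enterprise Server v5.0 or later. The link is carried over from the removed text, but this hunk rewrites the requirements list, so it is the place to confirm that the air-gapped guidance matches the supported server version; the feeds link next to it already uses `/current/`. In the same list, "ensure that **port 8228** is exposed" does not say to what. Suggest wording it as reachable from the Harness side that communicates with the Anchore server, so readers do not open the port more widely than the integration needs.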
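Review bot: In anchore-enterprise-scanner-reference.md, hunk `@@ -71,6 +58,11 @@`, the added list says what each `VULN_TYPE` value returns but not what it leaves out. Since the setting "filters the records returned to STO", selecting **OS** or **Non-OS** means the other class of vulnerability records is not returned to STO for that scan; suggest stating that consequence next to the two filtered values. "**Default** or **All**" can be read as one value with two names or as two values with the same effect, so say which. Minor: "the Anchore's `VULN_TYPE` parameter" should read "Anchore's `VULN_TYPE` parameter", and "This option" is not named anywhere in the added lines, so name the setting as it appears in the step.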
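Review bot: In github-advanced-security.md, hunk `@@ -20,7 +20,7 @@`, the corrected link to "Run STO scans with custom SSL certificates" sits in an `:::info` block whose two bullets are repeated word for word in the block this patch adds to the Anchore page. The Anchore page already pulls settings text from `./shared/...` partials, and this patch removes two shared imports there in favour of the inline copy. Suggest moving the non-root and SSL certificate note into a shared partial as well, so a link fix like this one is made once rather than per scanner page.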