feat: [STO-10697]: Add External Policy Failures (#100911)

* 1c797c Final change

* 09fd44 Update overview page

* 67330a Add External Policy Failures

Author: lavakush07

docs/security-testing-orchestration/overview.md

@@ -60,7 +60,7 @@ In addition, DevOps and security teams need to act on the information provided f
 Harness STO enables DevOps and security teams to shift-left security testing:
 
 * **Test:** Test code, OSS libraries, containers, and live apps with popular security scanners as part of the CI/CD Pipeline. Harness orchestrates the scanners to ensure that scanning is timely and easy to apply.
-* **Remediate:** Repair security vulnerabilities by empowering developers with a prioritized list that is intelligently deduplicated across all scanners. Harness provides dashboards with clear security vulnerabilities identified.
+* **Remediate:** Repair security vulnerabilities by empowering developers with an intelligently deduplicated, prioritized list of vulnerabilities within each scanner. Harness provides dashboards that clearly highlight identified security vulnerabilities.
 * **Govern:** Use governance policies and real-time security dashboards for ensuring critical security issues never make it to production. You can apply [Harness existing OPA policy governance](/docs/platform/governance/policy-as-code/harness-governance-overview) to enforce your security testing practices.
 
 With Harness STO, you are scanning at any stage in the CI/CD Pipeline, and providing developers with deduplicated and prioritized vulnerabilities.

docs/security-testing-orchestration/view-security-test-results/view-scan-results.md

@@ -65,7 +65,23 @@ You can filter issues using multiple criteria in the **Vulnerabilities** tab:
 - **Stage**: Filter by pipeline stages.
 - **Step**: Filter by pipeline steps.
 - **Scanner**: Filter issues by specific scanners.
-- **Issue Type**: Filter by issue types (e.g., SAST, DAST, SCA, IaC, Secret etc.).
+- **Issue Type**: Filter by issue types (e.g., SAST, DAST, SCA, IaC, Secret, [External Policy Failure](/docs/security-testing-orchestration/view-security-test-results/view-scan-results#external-policy-failure), etc.).
+
+
+### External Policy Failures
+
+External Policy Failures indicate that a policy or compliance rule defined in the security scanner did not pass during the scan. These issues reflect  policies defined by organization, such as assurance policies, quality gates, or compliance rules, and are not security vulnerabilities.
+
+External policy failures are surfaced in Harness STO as a distinct **Issue Type** so that you can view External Policy Failures alongside other scan results.
+
+Scanners that currently support External Policy Failures:
+
+1. [Aqua Security](/docs/security-testing-orchestration/sto-techref-category/aquasec-scanner-reference#configure-external-policy-failures)
+2. [Wiz](/docs/security-testing-orchestration/sto-techref-category/wiz/artifact-scans-with-wiz#configure-external-policy-failures)
+3. [SonarQube](/docs/security-testing-orchestration/sto-techref-category/sonarqube-sonar-scanner-reference#configure-external-policy-failures)
+4. [Prisma Cloud](/docs/security-testing-orchestration/sto-techref-category/prisma-cloud-scanner-reference#configure-external-policy-failures)
+5. [Anchore](/docs/security-testing-orchestration/sto-techref-category/anchore-enterprise-scanner-reference#configure-external-policy-failures)
+6. [Veracode](/docs/security-testing-orchestration/sto-techref-category/veracode-scanner-reference#configure-external-policy-failures)
 
 ### Severity-based filtering