docs/codacy-api/examples/triggering-dast-scans.md (+1 -1: 1 addition & 1 deletion)
@@ -19,7 +19,7 @@ Before the automation process itself, you need to create a target. Targets are i
19
19
Targets only need to be created once. Note that **targets are immutable** — if you need to change the URL, definition, or authentication, you'll need to delete the target and create a new one.
20
20
21
21
!!! important
22
-
**Do not run API scans on production enviroments** as our API scanners may cause potential downtime. [Learn more](../../organizations/managing-security-and-risk.md#avoid-running-api-scans-on-production-environments)
22
+
**Do not run API scans on production enviroments** as our API scanners may cause potential downtime. [Learn more](../../organizations/managing-security-and-risk.md)
23
23
24
24
To create a target, use the following API request:
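Review bot: the line being edited at 22 still spells "enviroments" in both the `-` and `+` versions; since the line is touched anyway, correct it to "production environments". Dropping the `#avoid-running-api-scans-on-production-environments` fragment also means the "Learn more" link now lands at the top of a long page instead of on the load warning; if that explanation now sits under the "Creating an App Scanning target" heading, consider linking to `../../organizations/managing-security-and-risk.md#creating-an-app-scanning-target` (assuming MkDocs' default heading slug) so readers are taken straight to why production scans are discouraged.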
docs/organizations/managing-security-and-risk.md (+2 -14: 2 additions & 14 deletions)
@@ -590,7 +590,7 @@ Codacy supports two types of scanning:
590
590
### Creating an App Scanning target
591
591
592
592
!!! important
593
-
**Do not run API scans on production enviroments** as our API scanners may cause potential downtime.[Learn more](#avoid-running-api-scans-on-production-environments)
593
+
**Do not run API scans on production enviroments as our API scanners may cause potential downtime.**
594
594
595
595
Our DAST API scanner performs active security testing by sending a large number of requests to your application. When using authenticated API scanning, this activity can be even more intensive, as ZAP explores and probes more of your API surface.
596
596
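Review bot: the new line at 593 keeps the typo "enviroments"; fix it to "production environments" while rewording. Bolding the whole sentence inside a `!!! important` admonition is also heavier than the rest of the page (the `!!! note` at 612-613 is plain text), and with the "Learn more" link gone the admonition relies on the explanation that follows at 595 and 603, which is fine; suggest bolding only the imperative, e.g. `**Do not run API scans on production environments** as our API scanners may cause potential downtime.`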
@@ -602,7 +602,7 @@ Codacy supports two types of scanning:
602
602
603
603
We recommend running scans in a **test or staging environment**, or coordinating with your infrastructure team to ensure that your environment can safely handle the load.
604
604
605
-
When creating a scan target, you'll be able to choose between a Web App or an API. Configuring a Web App will only require a target URL, while APIs will have other requirements:
605
+
When creating a scan target, you'll be able to choose between a Web App or an API. Configuring a Web App will only require a target URL, while APIs will have other requirements:
606
606
607
607
-**REST APIs**, which require a publicly accessible OpenAPI specification URL.
608
608
-**GraphQL APIs**, where the schema is inferred from the default path `{targetUrl}/graphql`.
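Review bot: the `-`/`+` pair at 605 shows identical text, so this is a whitespace-only change (indentation or trailing whitespace) that the rendered diff cannot display; either drop it from this commit or say so in the commit message so reviewers are not left hunting for a content difference. If it is an indentation change, check that the bullet list at 607-608 still attaches to this paragraph the same way when MkDocs renders it.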
@@ -612,18 +612,6 @@ API targets optionally support **header-based authentication**. As you create a
612
612
!!! note
613
613
If exposing your API specification isn't feasible for your team, let us know via support or your account representative.
614
614
615
-
#### Avoid running API scans on Production environments
616
-
617
-
Our DAST API scanner performs active security testing by sending a large number of requests to your application. When using authenticated API scanning, this activity can be even more intensive, as ZAP explores and probes more of your API surface.
618
-
619
-
Depending on how your target environment is configured, this may:
620
-
621
-
- Trigger rate limiting or throttling
622
-
- Appear as a high volume of traffic, similar to a load test
623
-
- Lead to incomplete scan results if key endpoints are blocked or limited
624
-
625
-
We recommend running scans in a **test or staging environment**, or coordinating with your infrastructure team to ensure that your environment can safely handle the load.
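Review bot: deleting 615-625 removes the bullet list of side effects (rate limiting, load-test-like traffic, incomplete results) unless the surviving block at 595-603 already repeats it; lines 597-601 of that block are not in the context shown, so confirm they carry the same list before merging, or move the list under the `!!! important` admonition at 592-593. Removing the `#### Avoid running API scans on Production environments` heading also removes its anchor; the link in triggering-dast-scans.md is updated in this commit, but grep the rest of docs/ for `#avoid-running-api-scans-on-production-environments` so no other page is left with a dead fragment.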