docs/codacy-api/examples/running-dast-scans.md
Lines changed: 6 additions & 6 deletions
@@ -2,9 +2,9 @@
2
2
description: Instructions on how to run DAST/App using the API.
3
3
---
4
4
5
-
# Run DAST/App scans
5
+
# Run Dynamic Application Security Testing (DAST) scans
6
6
7
-
Thanks to the new app scanning capabilities available on the Security and Risk Management dashboard, it's now possible to automate application scanning via the API. This means that, with little effort, you'll be able to run ZAP on demand every time you deploy a new version of your app or your APIs.
7
+
Thanks to the new app scanning capabilities available on the Security and Risk Management dashboard, it's now possible to automate application scanning via Codacy's API. This means that, with little effort, you'll be able to run app scanning on demand every time you deploy a new version of your app.
8
8
9
9
!!! important
10
10
App scanning is a business feature. If you are a Codacy Pro customer, contact our customer success team to access a short trial.
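Review bot: the frontmatter `description` on line 2 (unchanged context: "Instructions on how to run DAST/App using the API.") still uses the "DAST/App" name that this hunk removes from the heading; update it to match, e.g. "Instructions on how to run Dynamic Application Security Testing (DAST) scans using Codacy's API.", so the page metadata and search snippet agree with the new title.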
@@ -13,8 +13,8 @@ Thanks to the new app scanning capabilities available on the Security and Risk M
13
13
14
14
## Creating targets
15
15
16
-
Before the automation process itself, you need to create a target. Targets are single units that contain all the configurations of your scan, in this case the URL (and later on other configurations, like authentication, scan type or open API definition).
17
-
Targets only need to be defined once. The target's URL is immutable, so, if you need to change it, you'll need to delete it and create a new target.
16
+
Before the automation process itself, you need to create a target. Targets are single units that contain all the configurations of your scan, in this case the URL (and later on other configurations, like authentication, scan type or an OpenAPI definition).
17
+
Targets only need to be defined once. The target's URL is immutable, so, if you need to change it, you'll need to delete the target and create a new one.
18
18
19
19
To create a target:
20
20
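Review bot: the reworded paragraph still describes configuration the API does not accept yet ("and later on other configurations, like authentication, scan type or an OpenAPI definition"); user-facing docs should state only what a target holds today, so either drop the parenthetical or move it into a forward-looking "next steps" sentence like the one the managing-security-and-risk.md page already has. The immutable-URL sentence reads well as rewritten.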
@@ -42,11 +42,11 @@ Replace the placeholders with your own values:
42
42
43
43
-**ORGANIZATION:** Name of the organization on the Git provider. For example, `codacy`. You must have admin permissions over the organization on the Git provider.
44
44
45
-
Once you create the target you'll get the TargetId as a response. That Id will be used later to trigger DAST scans.
45
+
Once you create the target you'll get the 'Target Id' as a response. That id will be used to trigger DAST scans in the next section.
46
46
47
47
## Running DAST analysis scans
48
48
49
-
Once your targets are created you can trigger an analysis by running the POST /dast/targets/{dastTargetId}/analyze method.
49
+
Once your targets are created you can trigger an analysis by calling the '[Analyze DAST target](https://api.codacy.com/api/api-docs#analyzedasttarget)' endpoint.
50
50
51
51
```bash
52
52
curl -X POST https://app.codacy.com/api/v3/organizations/{GIT_PROVIDER}/{ORGANIZATION}/dast/targets/{DAST_TARGET_ID}/analyze \
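Review bot: the new wording wraps 'Target Id' and the '[Analyze DAST target](...)' link in single quotes, which does not match the backtick formatting the page uses for values (e.g. `codacy` in the ORGANIZATION placeholder above); use backticks for the response field, spelled exactly as the API returns it, and drop the quotes around the link. The removed line also named the endpoint path (POST /dast/targets/{dastTargetId}/analyze); keeping that path beside the link lets readers match it to the curl command below without opening the API reference.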
docs/organizations/managing-security-and-risk.md
Lines changed: 3 additions & 3 deletions
@@ -575,11 +575,11 @@ allowfullscreen>
575
575
</div>
576
576
577
577
578
-
From within the tab, you're able to configure a new target by inputting the URL of the app or API you'd like to scan. You can configure up to 6 targets within your organization (if you need more, talk to your customer success representative).
579
-
Scans can be triggered manually via the app or the API. As you click to start a scan, it will be first added to that target's queue and then run. If you've got a new version of the app while running a scan, no problem: just add a new scan to the queue, and it will run immediately after. There are no limits to how many scans an organization can run per target, so this should accommodate all your deployment needs.
578
+
From within the tab, you're able to configure a new target by inputting the URL of the app you'd like to scan. You can configure up to 6 targets within your organization (if you need more, talk to your customer success representative).
579
+
Scans can be triggered manually via Codacy's UI. As you click to start a scan, it will be first added to a queue and eventually executed. You can also queue a scan for a target that is already being scanned, and it will eventually execute after the current scan finishes. There are no limits to how many scans an organization can run per target, so this should accommodate all your deployment needs.
580
580
Once a scan is complete, its findings will be added to the findings tab, where you can review them using the filter **Scan types > DAST/App scanning**.
581
581
582
582
!!! note
583
-
Currently, DAST issues are only visible to admin and organization admin roles. We'll be reviewing this issue soon.
583
+
Currently, DAST issues are only visible to admin and organization admin roles.
584
584
585
585
Next steps for this release include adding Authentication, which will allow scans to have a wider coverage and better, more meaningful results. If you have any feedback, feel free to share it with us or with your customer success manager.
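Review bot: the rewritten paragraph says scans are triggered "manually via Codacy's UI" and drops the mention of the API, yet this same commit documents API-triggered scans in docs/codacy-api/examples/running-dast-scans.md; add a sentence linking to that page so readers of this tab know the automation path exists. The unchanged context line "Scan types > DAST/App scanning" also still uses the "DAST/App" name the other file just retired; confirm it matches the current filter label in the UI before leaving it as is.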
0 commit comments