-
Notifications
You must be signed in to change notification settings - Fork 39
/
config-template-multi-scan.yaml
74 lines (62 loc) · 3.07 KB
/
config-template-multi-scan.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# This is a configuration template file to perform scans using ZAP and user-defined container images
#
# Author: Red Hat Product Security
#
# This shows only the most important configuration entries for each scanning option.
# For more configuration options, see "config-template-long.yaml" for ZAP scan and "config-template-generic-scan.yaml" for user-defined scan
config:
# WARNING: `configVersion` indicates the schema version of the config file.
# This value tells RapiDAST what schema should be used to read this configuration.
# Therefore you should only change it if you update the configuration to a newer schema
# It is intended to keep backward compatibility (newer RapiDAST running an older config)
configVersion: 5
# `application` contains data related to the application, not to the scans.
application:
shortName: "MyApp-1.0"
url: "<Mandatory. root URL of the application>"
# `general` is a section that will be applied to all scanners.
general:
# See the config-template-long.yaml for more authentication options
authentication:
type: http_basic
parameters:
username: "user"
password: "mypassw0rd"
container:
# This configures what technology is to be used for RapiDAST to run each scanner.
# Currently supported: `podman` and `none`
# none: Default. RapiDAST runs each scanner in the same host or inside the RapiDAST image container
# podman: RapiDAST orchestrates each scanner on its own using podman
# When undefined, relies on rapidast-defaults.yaml, or `none` if nothing is set
#type: "none"
# `scanners' is a section that configures scanning options
# See the config-template-long.yaml for more options
scanners:
zap:
apiScan:
apis:
apiUrl: "<URL to openAPI>"
# alternative: apiFile: "<local path to openAPI file>"
passiveScan:
# optional list of passive rules to disable
disabledRules: "2,10015,10024,10027,10054,10096,10109,10112"
# Enable activeScan by uncommenting, once scans with the passiveScan only has run successfully
# If no policy is chosen, a default ("API-scan-minimal") will be selected
# The list of policies can be found in scanners/zap/policies/
#activeScan:
# policy: "API-scan-minimal"
generic_1:
# This is a generic scanner configuration, defined by the user
# Multiple items can be defined with "generic_<random_str>" named
# A path to file or directory where results are stored on the host. Note this needs to be used along with the 'volumes' configuration
results: "*stdout" # if None or "*stdout", the command's standard output is selected
# this config is used when container.type is not 'podman'
# toolDir: scanners/generic/tools
# inline: "<command to run>"
# this config is only used when container.type is 'podman'
#container:
#type: "podman" # currently, only "podman" type is supported
#parameters:
# Mandatory: image name to run
#image: "<container image name>"
#command: "<command to run in the container>" # Optional: By default, the image's ENTRYPOINT will be run