
Releases: RedHatProductSecurity/rapidast

v2.1.0

31 May 01:35
bda1325

RapiDAST v2.1.0 changes:

  • support GraphQL API scanning feature (backed by OWASP ZAP)
  • scanners can be run using Flatpak
  • support 'import' job feature (backed by OWASP ZAP)
  • support include and exclude URLs (backed by OWASP ZAP)
  • added the 'oauth2OpenapiManualDownload' option
  • support http_header authentication (backed by OWASP ZAP)
  • appending '_from_var' to a config entry allows it to refer to environment variables (useful for not putting secrets inside the configuration)
  • [experimental] support integration with OWASP Defect Dojo
  • configVersion has been changed to '4'

v2.0.0

30 Mar 01:29
27dd6d3

Refactored architecture focused on improving simplicity, extensibility and quality.

  • Provides a simpler configuration format
  • Provides an extensible framework to support multiple scanners
  • Adds pytest and the pre-commit hook to keep the code clean and of good quality
  • Supports localhost scanning mode to run scanners installed on the host (previously using podman/docker was mandatory)
  • Supports authentication configuration through RapiDAST configuration (previously custom scripts were required)
  • Supports spider/crawling through RapiDAST configuration
  • Supports reports in SARIF format in addition to the previous JSON, XML and HTML ones
  • Supports OWASP ZAP v2.12 (previously: 2.11)
  • quay.io/redhatproductsecurity/rapidast:2.0.0 image is available along with a Helm chart to help run RapiDAST scans on Kubernetes/OpenShift

v1.1.0

29 Jul 04:57
796015c
  • RapiDAST can run as an operator on Kubernetes or OpenShift
  • added a Containerfile for building a RapiDAST image
  • support URL-based scanning
  • support scriptBased Authentication
  • added pre-commit config
  • added a GitHub Actions workflow example
  • issues have been fixed (see the commit logs for more information)

v1.0.0 Release

21 Dec 06:05

RapiDAST v1.0.0 includes:

  • OpenAPI-based scanning using OWASP ZAP with sample configuration and script files
  • OAuth2 offline token handling for script-based authentication
  • Custom scanning rule generation
  • Support for both Docker and Podman
  • Scanning report generation