

New workflow for DAST scanning
Signed-off-by: Miquel Simon <[email protected]>
miquelsi committed Dec 11, 2024
1 parent 6026044 commit 80e8684
Showing 3 changed files with 17,737 additions and 0 deletions.
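--- a/.github/dast/config-api.yaml
+++ b/.github/dast/config-api.yaml
@@ -0,0 +1,50 @@
+config:
+# WARNING: `configVersion` indicates the schema version of the config file.
+# This value tells RapiDAST what schema should be used to read this configuration.
+# Therefore you should only change it if you update the configuration to a newer schema
+# It is intended to keep backward compatibility (newer RapiDAST running an older config)
+configVersion: 4
+
+# `application` contains data related to the application, not to the scans.
+application:
+shortName: "Keycloak"
+url: "http://IP_ADDRESS:8080" # to be replaced by your hostname and port
+
+general:
+
+authentication:
+type: http_header
+parameters:
+name: Authorization
+value: "bearer KEYCLOAK_TOKEN"
+
+container:
+# This configures what technology is to be used for RapiDAST to run each scanner.
+# Currently supported: `podman` and `none`
+# podman: RapiDAST runs each scanner using podman
+# none: RapiDAST runs each scanner in the same host or container (where RapiDAST itself is running in a container)
+type: "podman"
+
+scanners:
+zap:
+apiScan:
+apis:
+apiFile: /home/runner/work/keycloak/keycloak/.github/dast/openapi.json
+# alternative: apiFile: "<local path to openAPI file>"
+
+passiveScan:
+# optional list of passive rules to disable
+disabledRules: "2,10015,10027,10096,10024,10098,10023"
+
+
+# Enable activeScan by uncommenting, once scans with the passiveScan only has run successfully
+# # If no policy is chosen, a default ("API-scan-minimal") will be selected
+# # The list of policies can be found in scanners/zap/policies/
+#activeScan:
+# policy: API-scan-minimal
+
+report:
+format: ["json","sarif"]
+
+miscOptions:
+updateAddons: False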
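Review bot: The `disabledRules` list under `passiveScan` suppresses seven ZAP passive checks with no record of why, so any finding in those classes is silently dropped from the json/sarif report and a later reader cannot tell whether each suppression is a known false positive or an accepted risk; add a per-rule comment above the line giving the rule name and the reason it is disabled, e.g. `# disabledRules: one entry per line below, each with the ZAP rule name and the ticket/reason for suppressing it`, and review the list whenever the OpenAPI file changes. The `IP_ADDRESS` and `KEYCLOAK_TOKEN` placeholders in `url` and `value` are presumably substituted by the workflow that ships in this commit (not visible in this section); a comment stating that, and that a real token must never be committed here, would make the intent explicit. `updateAddons: False` should be written as `updateAddons: false` to match YAML 1.2 canonical booleans and yamllint's `truthy` rule. Minor: `format: ["json","sarif"]` wants a space after the comma, `format: ["json", "sarif"]`.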
