forked from RedHatProductSecurity/rapidast
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config-template-zap-mac.yaml
60 lines (50 loc) · 2.47 KB
/
config-template-zap-mac.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# This is a regular template file, which shows only the most important configuration entries for running on MacOS and using token as authentication against the sevice you want to test.
#
# Author: Red Hat Product Security
#
# Additional configuration options are available, as shown in "config-template-long.yaml".
# All the values are optional (except `config.configVersion`): if a key is missing, it will mean either "disabled" or a sensible default will be selected
config:
# WARNING: `configVersion` indicates the schema version of the config file.
# This value tells RapiDAST what schema should be used to read this configuration.
# Therefore you should only change it if you update the configuration to a newer schema
# It is intended to keep backward compatibility (newer RapiDAST running an older config)
configVersion: 6
# `application` contains data related to the application, not to the scans.
application:
shortName: "service-name"
url: "<service-url>"
# `general` is a section that will be applied to all scanners.
general:
authentication:
type: "http_header"
parameters:
name: "Authorization"
value_from_var: "EXPORTED_TOKEN"
container:
# This configures what technology is to be used for RapiDAST to run each scanner.
# Currently supported: `podman` and `none`
# none: Default. RapiDAST runs each scanner in the same host or inside the RapiDAST image container
# podman: RapiDAST orchestrates each scanner on its own using podman
# When undefined, relies on rapidast-defaults.yaml, or `none` if nothing is set
type: "none"
scanners:
zap:
# Define a scan through the ZAP scanner
apiScan:
apis:
apiFile: "path/to/local/openapi-schema"
passiveScan:
# optional list of passive rules to disable
disabledRules: "2,10015,10024,10027,10054,10096,10109,10112"
activeScan:
# If no policy is chosen, a default ("API-scan-minimal") will be selected
# The list of policies can be found in scanners/zap/policies/
policy: "API-scan-minimal"
container:
parameters:
image: "ghcr.io/zaproxy/zaproxy:stable" # for type such as podman
executable: "/Applications/ZAP.app/Contents/Java/zap.sh" # the path to ZAP for MacOS, used when general.container.type is 'none'. Installing ZAP is required from https://www.zaproxy.org/download/
miscOptions:
# List (comma-separated string or list) of additional addons to install
additionalAddons: "ascanrulesBeta"