FullScanTech.yaml
---
# A simple plan that performs a full scan against a URL in the ZAP_TARGET env var.
# It uses the standard spider but only runs the AJAX spider if the app appears to be modern.
# The 2 spider tests will fail as they do not find at least 100 URLs,
# but they do not fail the whole plan as they just report at INFO level.
# NOTE(review): the nesting indentation is not visible in this copy, so which keys are
# children of which (e.g. whether policyDefinition belongs under the activeScan job's
# parameters or beside them) should be confirmed against the original file.
env:
contexts:
# Single context; its only URL is substituted from the ZAP_TARGET environment variable.
- name: "Target"
urls:
- "${ZAP_TARGET}"
# No include/exclude patterns are given, so scope presumably follows from the URL above
# alone; confirm that this matches the intended scan boundary.
includePaths: []
excludePaths: []
# Disabled: would presumably take the context's technology include list from ZAP_TECH.
# technology:
# include: "${ZAP_TECH}"
# Plan-level behaviour: stop on errors, carry on after warnings, log progress to stdout.
parameters:
failOnError: true
failOnWarning: false
progressToStdout: true
vars: {}
jobs:
# Job 1: passive scan configuration; passive scanning is limited to in-scope messages,
# tagging is off and no per-rule overrides are listed.
- parameters:
scanOnlyInScope: true
enableTags: false
rules: []
name: "passiveScan-config"
type: "passiveScan-config"
# Job 2: standard spider with default parameters (no duration or depth limit set here).
- parameters: {}
name: "spider"
type: "spider"
tests:
# Reported at INFO only, so finding fewer than 100 URLs does not fail the plan.
- onFail: "INFO"
statistic: "automation.spider.urls.added"
site: ""
operator: ">="
value: 100
type: "stats"
name: "At least 100 URLs found"
# Job 3: passive-scan wait placed before the AJAX spider.
- parameters: {}
name: "passiveScan-wait-pre-ajax"
type: "passiveScan-wait"
# Job 4: AJAX spider, run only if the app appears to be modern (runOnlyIfModern).
# maxDuration is presumably in minutes; confirm against the ZAP version in use.
- parameters:
maxDuration: 3
runOnlyIfModern: true
name: "spiderAjax"
type: "spiderAjax"
tests:
# Same INFO-level URL-count check as the standard spider, on the AJAX spider statistic.
- onFail: "INFO"
statistic: "spiderAjax.urls.added"
site: ""
operator: ">="
value: 100
type: "stats"
name: "At least 100 URLs found"
# Job 5: active scan; default strength and threshold are both medium, with no per-rule
# overrides (rules: []).
# NOTE(review): no scan duration limit is visible here; consider setting one
# (e.g. maxScanDurationInMins) so an unattended run against a large target stays bounded.
- parameters:
policyDefinition:
defaultStrength: "medium"
defaultThreshold: "medium"
rules: []
name: "activeScan"
type: "activeScan"
# Job 6: passive-scan wait placed before the report is generated.
- parameters: {}
name: "passiveScan-wait-pre-report"
type: "passiveScan-wait"
# Job 7: report using the "modern" template, written to zap-report.html.
# NOTE(review): reportFile is a bare file name and no reportDir is visible, so the output
# location depends on ZAP's default; confirm where the findings land and who can read them.
- parameters:
template: "modern"
reportTitle: "ZAP Scanning Report"
reportDescription: ""
reportFile: "zap-report.html"
name: "report"
type: "report"