diff --git a/tools/scan_tools/scan_tang_endpoint.yaml b/tools/scan_tools/scan_tang_endpoint.yaml
new file mode 100644
index 0000000..7fdd752
--- /dev/null
+++ b/tools/scan_tools/scan_tang_endpoint.yaml
@@ -0,0 +1,53 @@
+---
+config:
+ # WARNING: `configVersion` indicates the schema version of the config file
+ # This value tells RapiDAST what schema should be used to read this
+ # configuration.
+ # Therefore you should only change it if you update the configuration
+ # to a newer schema
+ # It is intended to keep backward compatibility
+ # (newer RapiDAST running an older config)
+ configVersion: 4
+
+# `application` contains data related to the application, not to the scans
+application:
+ shortName: "tangservers"
+ url: "https://1.2.3.4:6443"
+
+# `general` is a section that will be applied to all scanners
+general:
+ authentication:
+ type: "http_header"
+ parameters:
+ name: "Authorization"
+ value: "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6Ilp5YVYzWUs1dGNWSDFQb2lGVXZoWEwyWGhxOXlXMkFMZnFYM0hZVDF0X3MifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZmF1bHQtdG9rZW4teHhjYnYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGVmYXVsdCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjcwYjczNmY0LTUyMjUtNDgzZC1hNDU0LWE5YjA1YWQ5OGM2OSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmRlZmF1bHQifQ.XpWlNSZQCNKK7R-b913BwxmSeg2S8MT1CEi1PpdzqtlkaIhsImen_PIDgUz20gqSGBSM6e5VoqiJOxfyzbByADlU4pyoWk2RSh2jrEjZvWQ6EqBJAkzI5USyeSmkHoGog95al3XmE_YR-ZXpKm-V8UFNMY7ZRHwVxQL_zhrj9EIZdplOjF4O_WqDVVy4bTkWEQ0WEcQj38NamKK91UMhoSoE3eq8f6vSVSK4an7DzPq-EYUNmD5_j4BcF7E0my4el5uLs3QP200oJLxT6nLNQ-gUnC7yJz__oMEkAura3BzkTA-w0WmJqZrao9yF9nD9MtFEXk2jDq9nA3BJxyXb0g"
+ # Normally, token to be used can be extracted with:
+ # oc -n "${NAMESPACE}" get secret "${SECRET}" -o json
+ # | jq -Mr '.data.token' | base64 -d
+ container:
+ # currently supported: `podman` and `none`
+ type: "none"
+
+scanners:
+ zap:
+ # define a scan through the ZAP scanner
+ apiScan:
+ apis:
+ apiUrl: "https://1.2.3.4:6443/openapi/v3/apis/daemons.redhat.com/v1alpha1/namespaces/nbde/tangservers"
+ # Replace previous line to scan other APi groups/version
+ passiveScan:
+ # optional list of passive rules to disable
+ disabledRules: "2,10015,10027,10096,10024,10054"
+ # Remove comment symbols to enable activeScan once it is made sure
+ # that scanning with 'passiveScan' runs successfully.
+ # activeScan:
+ # # If no policy is chosen, a default ("API-scan-minimal")
+ # will be selected
+ # # The list of policies can be found in scanners/zap/policies/
+ # policy: "API-scan-minimal"
+ miscOptions:
+ # enableUI (default: false), requires a compatible runtime
+ # (e.g.: flatpak or no containment)
+ enableUI: false
+ # Defaults to True, set False to prevent auto update of ZAP plugins
+ updateAddons: false
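Review bot: The `value:` line under `general.authentication.parameters` commits a complete bearer token into the repository, and its payload decodes to a Kubernetes service-account token (namespace `default`, secret `default-token-xxcbv`), so it is a live credential rather than a placeholder even though the `url` and `apiUrl` hosts are. Once pushed, it stays in git history regardless of later edits, so the token should be treated as exposed and the secret rotated or the service account's token revoked. The config should instead read the token from the environment at scan time, which RapiDAST's `http_header` authentication supports via a variable reference — replace the `value:` line with `value_from_var: "TANG_TOKEN"` (placeholder variable name) and keep the existing `oc … | jq … | base64 -d` comment as the instruction for populating that variable. While here, the comment `# Replace previous line to scan other APi groups/version` has a typo in `APi`.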