Changes
- The DAST JSON report is created using information from the ZAP REST API, not the ZAP JSON report (!142)
- Set the maximum duration of the spider scan with environment variable
DAST_SPIDER_MINS(!153) - Include alpha passive and active scan rules with environment variable
DAST_INCLUDE_ALPHA_VULNERABILITIES(!153) - Set the ZAP config URL to configure vulnerability finding risk levels with environment variable
DAST_ZAP_CONFIG_URL(!153) - Set the name of the ZAP config file to configure vulnerability finding risk levels with environment variable
DAST_ZAP_CONFIG_FILE(!163) - Generate sample config file with environment variable
DAST_ZAP_GENERATE_CONFIG(!163) - Set the ZAP Server command-line options with environment variable
DAST_ZAP_CLI_OPTIONS(!163) - Enable DAST debug messages with environment variable
DAST_DEBUG(!163) - Set the file name of the ZAP HTML report written at the end of a scan using
DAST_HTML_REPORT(!159) - Set the file name of the ZAP Markdown report written at the end of a scan using
DAST_MARKDOWN_REPORT(!159) - Set the file name of the ZAP XML report written at the end of a scan using
DAST_XML_REPORT(!159) - Copy contents of
/zap/wrkto the working directory in order to make them available as CI job artifacts (!160)