scanners/zap-advanced/examples/demo-petstoreapi-scan-authenticated-no-hardcoded-urls/scan.yaml from secureCodeBox/secureCodeBox

scanners/zap-advanced/examples/demo-petstoreapi-scan-authenticated-no-hardcoded-urls/scan.yaml

Summary

Maintainability

Test Coverage

Issues

# SPDX-FileCopyrightText: the secureCodeBox authors
#
# SPDX-License-Identifier: Apache-2.0

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: zap-advanced-scan-config
data:
  2-zap-advanced-scan.yaml: |-

    # ZAP Contexts Configuration 
    contexts:
      # Name to be used to refer to this context in other jobs, mandatory
      - name: scb-petstore-context
        # An optional list of regexes to include
        includePaths:
          - "https?://.*\\..*.svc:.*"
          - "https?://.*\\..*.svc/.*"
          - "https?://.*\\..*.svc.cluster.local/.*"
          - "https?://.*\\..*.svc.cluster.local:.*"
        # An optional list of regexes to exclude
        excludePaths:
          - ".*\\.css"
          - ".*\\.png"
          - ".*\\.jpeg"

    apis:
      - name: scb-petstore-api
        # -- The Name of the context (zapConfiguration.contexts[x].name) to spider, default: first context available.
        context: scb-petstore-context
        # -- format of the API ('openapi', 'grapql', 'soap')
        format: openapi
        # -- path to the OpenAPI spec. Always relative to the targets **hosts**, paths in the targets url will be ignored
        path: /v2/swagger.json

    # ZAP ActiveScans Configuration 
    scanners:
      - name: scb-petstore-scan
        # String: Name of the context to attack, default: first context
        context: scb-petstore-context
        # Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
        maxRuleDurationInMins: 1
        # Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
        maxScanDurationInMins: 5
        # Int: The max number of threads per host, default: 2
        threadPerHost: 5

---
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "zap-advanced-api-scan-petstore"
spec:
  scanType: "zap-advanced-scan"
  parameters:
    # target URL including the protocol
    - "--target"
    - "http://swagger-petstore.default.svc/"
    - "--context"
    - "scb-petstore-context"
  volumeMounts:
    - name: zap-advanced-scan-config
      mountPath: /home/securecodebox/configs/2-zap-advanced-scan.yaml
      subPath: 2-zap-advanced-scan.yaml
      readOnly: true
  volumes:
    - name: zap-advanced-scan-config
      configMap:
        name: zap-advanced-scan-config