scanners/zap-advanced/examples/demo-petstoreapi-scan-authenticated-no-hardcoded-urls/scan.yaml
# SPDX-FileCopyrightText: the secureCodeBox authors
#
# SPDX-License-Identifier: Apache-2.0
---
apiVersion: v1
kind: ConfigMap
metadata:
name: zap-advanced-scan-config
data:
2-zap-advanced-scan.yaml: |-
# ZAP Contexts Configuration
contexts:
# Name to be used to refer to this context in other jobs, mandatory
- name: scb-petstore-context
# An optional list of regexes to include
includePaths:
- "https?://.*\\..*.svc:.*"
- "https?://.*\\..*.svc/.*"
- "https?://.*\\..*.svc.cluster.local/.*"
- "https?://.*\\..*.svc.cluster.local:.*"
# An optional list of regexes to exclude
excludePaths:
- ".*\\.css"
- ".*\\.png"
- ".*\\.jpeg"
apis:
- name: scb-petstore-api
# -- The Name of the context (zapConfiguration.contexts[x].name) to spider, default: first context available.
context: scb-petstore-context
# -- format of the API ('openapi', 'grapql', 'soap')
format: openapi
# -- path to the OpenAPI spec. Always relative to the targets **hosts**, paths in the targets url will be ignored
path: /v2/swagger.json
# ZAP ActiveScans Configuration
scanners:
- name: scb-petstore-scan
# String: Name of the context to attack, default: first context
context: scb-petstore-context
# Int: The max time in minutes any individual rule will be allowed to run for, default: 0 unlimited
maxRuleDurationInMins: 1
# Int: The max time in minutes the active scanner will be allowed to run for, default: 0 unlimited
maxScanDurationInMins: 5
# Int: The max number of threads per host, default: 2
threadPerHost: 5
---
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
name: "zap-advanced-api-scan-petstore"
spec:
scanType: "zap-advanced-scan"
parameters:
# target URL including the protocol
- "--target"
- "http://swagger-petstore.default.svc/"
- "--context"
- "scb-petstore-context"
volumeMounts:
- name: zap-advanced-scan-config
mountPath: /home/securecodebox/configs/2-zap-advanced-scan.yaml
subPath: 2-zap-advanced-scan.yaml
readOnly: true
volumes:
- name: zap-advanced-scan-config
configMap:
name: zap-advanced-scan-config