Add basic file for DAST

Resolves: #151 Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
latchset · Aug 28, 2023 · 44402dd · 44402dd
1 parent 1f9ed7e
commit 44402dd
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/tools/scan_tools/scan_tang.yaml b/tools/scan_tools/scan_tang.yaml
@@ -0,0 +1,53 @@
+---
+config:
+    # WARNING: `configVersion` indicates the schema version of the config file
+    # This value tells RapiDAST what schema should be used to read this
+    # configuration.
+    # Therefore you should only change it if you update the configuration
+    # to a newer schema
+    # It is intended to keep backward compatibility
+    # (newer RapiDAST running an older config)
+    configVersion: 4
+
+# `application` contains data related to the application, not to the scans
+application:
+    shortName: "tangserver"
+    url: "https://kubernetes.default.svc"
+
+# `general` is a section that will be applied to all scanners
+general:
+    authentication:
+        type: "http_header"
+        parameters:
+            name: "Authorization"
+            value: "Bearer <token-to-be-replaced>"
+            # Normally, token to be used can be extracted with:
+            # ${K8SC} -n "${NAMESPACE}" get secret "${SECRET}" -o json
+            #   | jq -Mr '.data.token' | base64 -d
+    container:
+        # currently supported: `podman` and `none`
+        type: "none"
+
+scanners:
+    zap:
+        # define a scan through the ZAP scanner
+        apiScan:
+            apis:
+                apiUrl: "https://kubernetes.default.svc/openapi/v3/apis/performance.openshift.io/v2"
+                # Replace previous line to scan other APi groups/version
+        passiveScan:
+            # optional list of passive rules to disable
+            disabledRules: "2,10015,10027,10096,10024,10054"
+        # Remove comment symbols to enable activeScan once it is made sure
+        # that scanning with 'passiveScan' runs successfully.
+        #      activeScan:
+        #          # If no policy is chosen, a default ("API-scan-minimal")
+        #          will be selected
+        #          # The list of policies can be found in scanners/zap/policies/
+        #          policy: "API-scan-minimal"
+        miscOptions:
+            # enableUI (default: false), requires a compatible runtime
+            # (e.g.: flatpak or no containment)
+            enableUI: false
+            # Defaults to True, set False to prevent auto update of ZAP plugins
+            updateAddons: false