DAST scanner configuration file | Fluid Attacks Help

DAST scanner configuration file

General configuration file keys

The following is a simple, recommended baseline for the general configuration file keys. These keys apply to all of Fluid Attacks' scanners.

    namespace: myapp
    output:
      file_path: ./Fluid-Attacks-Results.csv
      format: CSV
    working_dir: .
    language: EN

Specific configuration file keys

The following keys are available only for the DAST scanner.


urls

URLs to analyze

http_checks

A boolean that indicates if you want to enable HTTP checks for the URLs (defaults to true)

ssl_checks

A boolean that indicates if you want to enable SSL checks for the URLs (defaults to true)

For example, to enable only HTTP checks for the scan:
    urls:
    - https://my-app.com
    - http://localhost.com
    http_checks: true
    ssl_checks: false
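
A pre-flight check for the three DAST keys above, as an added example that is not part of the Fluid Attacks documentation or scanner: it applies the documented defaults and reports settings that reduce scan coverage. The function names, the warning texts and the choice to treat non-boolean values as errors are assumptions of this example; `lint_dast_file` additionally assumes PyYAML is installed.

```python
from urllib.parse import urlsplit

# Defaults documented on this page: both check families are on unless disabled.
DEFAULTS = {"http_checks": True, "ssl_checks": True}


def lint_dast_config(cfg):
    """Return (effective_settings, problems) for a parsed DAST config mapping."""
    problems, effective = [], {}
    for key, default in DEFAULTS.items():
        value = cfg.get(key, default)
        if not isinstance(value, bool):
            # e.g. ssl_checks: "false" is a YAML string, not a boolean
            problems.append(f"{key}: expected a boolean, got {value!r}")
            value = default  # this linter's choice: fall back to the default
        effective[key] = value

    urls = cfg.get("urls")
    if not isinstance(urls, list) or not urls:
        problems.append("urls: expected a non-empty list of URLs")
        urls = []
    for url in urls:
        parts = urlsplit(str(url))
        if parts.scheme not in ("http", "https") or not parts.netloc:
            problems.append(f"urls: {url!r} is not an absolute http(s) URL")
        elif parts.scheme == "https" and not effective["ssl_checks"]:
            problems.append(f"urls: {url!r} is HTTPS but ssl_checks is off")
    if not any(effective.values()):
        problems.append("http_checks and ssl_checks are both off")
    return dict(effective, urls=urls), problems


def lint_dast_file(path):
    """Load a YAML config from disk (needs PyYAML) and lint it."""
    import yaml  # third-party; imported lazily so the linter itself has no deps
    with open(path, encoding="utf-8") as fh:
        return lint_dast_config(yaml.safe_load(fh) or {})


if __name__ == "__main__":
    # Constructed sample mirroring the HTTP-only example on this page.
    sample = {"urls": ["https://my-app.com", "http://localhost.com"],
              "http_checks": True, "ssl_checks": False}
    for problem in lint_dast_config(sample)[1]:
        print("WARN", problem)
```
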

Configuration file example

Below is an example of a highly personalized configuration file:

    namespace: my_app
    working_dir: ./
    commit: e59607b9de3ef4c13d292705fg3da1ff0c67eb38
    language: EN
    output:
      file_path: /fluid-attacks-results.csv
      format: CSV
    checks:
      - F043
    strict: true
    urls:
      - https://www.my_app.com
    ssl_checks: false

Advice on scanner issues

Have a question about the scanner or encountered a problem? Read the scanner FAQ.