Skip to content

🛠️ Scan Configuration

Most of your scan configuration already follows the existing API DAST scan configuration, such as authentication.

However, there are a few additional configurations that are specific to SPA DAST scans.

Authentication

Just like API scans, you can configure a simple header authentication preset for now.

presets:
  - type: headers
    users:
      - headers:
          Authorization: Bearer user1Token
        username: user1
validation: false

Scope Configuration

In your Expert Configuration section in the settings of your scan, you can configure the scope of your scan. Scopes are regexes to match allowed URLs that the scanner should crawl and test.

scan:
  profile: default
  frontend_scopes_regexes:
    - '.*/dashboard/.*'
authentication: {}

Base URLs

In your Expert Configuration section in the settings of your scan, you can configure the base URLs of your scan. Base URLs is a map of base URLs to their respective depth. You can pre-seed the scanner with a list of URLs to start the scan from and enrich the crawling process by boosting known URLs.

scan:
  profile: default
  frontend_base_urls: 
    'https://example.com/user': 1
    'https://example.com/user/profile': 2
authentication: {}