Document air-gapped (offline) DAST for on-prem instances

Problem to solve

Our ~dast tools currently require internet connectivity to run using standard configurations. We should aim to support offline execution and provide clear documentation on how to configure scanners for such installations.

Intended users

  • Persona: Software developer
  • Persona: Development Team Lead

Proposal

  • Document how to run DAST in an offline mode, by including the --auto-update-addons false -z"-silent" CLI arguments.
  • Note that third-party extensions such as the Ajax Spider may not work.
  • Add a test to verify that the DAST log contains "Shh! No check-for-update - silent mode enabled".

Documentation

Documentation should be added to the DAST configuration section.

Testing

This has been tested on a simple instance of a website with no internet.

Worth testing:

  • Ajax Spidering
  • Selenium login functionality

What is the type of buyer?

Core/Starter/Premium/Ultimate

Links / references

What calls home does ZAP make?

Edited Feb 21, 2020 by Cameron Swords
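
One way the test from the proposal could look, as an added example that is not code from the issue or from the DAST project: it checks that a scan command line carries the two offline arguments (in both the glued `-z"-silent"` and the spaced `-z "-silent"` form) and that the log contains the silent-mode line. The `dast-scan` command name, the sample log lines and all function names are assumptions made for illustration.

```python
import shlex

# Log line quoted in the proposal; everything else here is illustrative.
SILENT_MARKER = "Shh! No check-for-update - silent mode enabled"

# Constructed samples: "dast-scan" is a placeholder command name.
SAMPLE_COMMAND = 'dast-scan --auto-update-addons false -z"-silent"'
SAMPLE_LOG = """\
INFO starting scan
INFO Shh! No check-for-update - silent mode enabled
INFO scan finished
"""


def option_values(tokens, flag):
    """Values given to flag, written as 'flag value' or glued as 'flagvalue'."""
    values = []
    for i, tok in enumerate(tokens):
        if tok == flag:
            if i + 1 < len(tokens):
                values.append(tokens[i + 1])
        elif len(flag) == 2 and tok.startswith(flag):
            values.append(tok[len(flag):])  # short option: -z"-silent" -> -z-silent
    return values


def offline_args_problems(command_line):
    """List what is missing from the offline arguments of a scanner command line."""
    tokens = shlex.split(command_line)
    problems = []
    updates = option_values(tokens, "--auto-update-addons")
    if not updates or updates[-1] != "false":
        problems.append("--auto-update-addons false is missing")
    # The -z value is itself an option string, so split it again.
    passed_through = [opt for v in option_values(tokens, "-z") for opt in shlex.split(v)]
    if "-silent" not in passed_through:
        problems.append("-silent is not passed through -z")
    return problems


def verify_offline_run(command_line, log_text):
    """Check both the arguments and the log of one scan; empty list means OK."""
    problems = offline_args_problems(command_line)
    if not any(SILENT_MARKER in line for line in log_text.splitlines()):
        problems.append("log lacks the silent-mode message")
    return problems
```
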