DAST Site profile - Add support for APIs - Backend
frontend counterpart - #294059 (closed)
Epic - &5088 (closed)
Why are we doing this work
To enable users to easily run API scans from web-based interfaces.
What
This issue is to add API
support in On-demand Scans DAST site profile. Using this feature, users can run scans against their APIs.
Designs
Implementation plan
-
Understand how we should validate API specs with multiple hosts -
Validate API specification using the existing method and use the same host as the target url using host override -
Update GraphQL queries / mutations as per &5088 (closed) -
Add support for setting DAST_API_SPECIFICATION
environment variable
Edited by Philip Cunningham