
Change default scan execution scanner

Why are we doing this work

  • Currently the default scan execution scanner is DAST because it was the first scanner we supported
  • Per this private Slack thread:

      :question: When creating a scan execution policy, why is DAST the default? Of all our analyzers, this has the most prerequisites and therefore is the most complex to configure.

      Great question. The reason for this is simple and easy to change: DAST was the first analyzer we supported in Scan Execution Policies.

      So there is such a thing as a simple answer!

      I keep meaning to raise this. Good question. We should consider leaving it empty or start with Secret Detection or SAST by default.

Relevant links

Non-functional requirements

  • Documentation:
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • Frontend: update the default scanner from DAST to secret_detection

Verification steps

Edited by Alexander Turinske