DAST Scanning

DAST Scan Modes


DAST supports several scan modes, each suited to a different type of web application and a different purpose.

Baseline

Runs the ZAP spider against the specified target for a short period of time. The script does not perform any actual ‘attacks’ and runs for a relatively short time (a few minutes at most).

This mode is designed to run in a CI/CD environment, even against production sites.

Full Scan

Runs the ZAP spider against the specified target (by default with no time limit), followed by an optional AJAX spider scan and then a full active scan, before reporting the results.

This means that the script does perform actual ‘attacks’ and can potentially run for a long period of time. You should NOT use it on web applications that you do not own.

API Scan

Tuned for scanning APIs defined by an openapi, soap, or graphql definition, supplied either as a local file or as a URL.
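The three modes above map onto the packaged scan scripts that ship in the ZAP Docker image. The following wrapper is an added example, not part of this page or of the ZAP project: it picks the script for a mode, applies the time bound that distinguishes Baseline from Full Scan, validates the API definition format, and can run the resulting command so a CI job can gate on the script's exit code. It assumes the `ghcr.io/zaproxy/zaproxy:stable` image, the scripts' documented `-t`, `-m`, `-j`, `-r` and `-f` flags, and a writable `./zap-reports` directory mounted as `/zap/wrk`; the example target URLs are constructed.

```shell
#!/bin/sh
# Added example (not from the original page or the ZAP project).
# Assumes: ghcr.io/zaproxy/zaproxy:stable, the packaged scripts
# zap-baseline.py / zap-full-scan.py / zap-api-scan.py and their
# -t/-m/-j/-r/-f flags, reports written under ./zap-reports (/zap/wrk).

ZAP_IMAGE="${ZAP_IMAGE:-ghcr.io/zaproxy/zaproxy:stable}"

# zap_scan_cmd MODE TARGET [FORMAT]
# Prints the docker command for MODE (baseline|full|api) without running it.
zap_scan_cmd() {
    mode="$1"; target="$2"; format="${3:-openapi}"
    base="docker run --rm -v $PWD/zap-reports:/zap/wrk:rw -t $ZAP_IMAGE"
    case "$mode" in
        baseline)
            # Bounded spider (-m minutes) and passive checks only: no attacks,
            # so it is the mode suited to CI/CD and production targets.
            echo "$base zap-baseline.py -t $target -m 2 -r baseline.html"
            ;;
        full)
            # -m 0 spiders with no time limit, -j adds the AJAX spider, then the
            # script runs a full active scan: real attack traffic, long runtime.
            echo "$base zap-full-scan.py -t $target -m 0 -j -r full.html"
            ;;
        api)
            # -f selects the definition format the target points at.
            case "$format" in
                openapi|soap|graphql) ;;
                *) echo "unsupported API format: $format" >&2; return 2 ;;
            esac
            echo "$base zap-api-scan.py -t $target -f $format -r api.html"
            ;;
        *)
            echo "unknown scan mode: $mode" >&2
            return 2
            ;;
    esac
}

# zap_scan MODE TARGET [FORMAT]
# Builds and executes the command. The ZAP scripts exit non-zero when they
# report WARN or FAIL level alerts, so a CI step using this fails on findings.
zap_scan() {
    cmd="$(zap_scan_cmd "$@")" || return $?
    mkdir -p zap-reports
    echo "+ $cmd"
    sh -c "$cmd"
}

# Usage (constructed example target):
#   zap_scan baseline https://staging.example.test
#   zap_scan api https://staging.example.test/openapi.json openapi
```

`zap_scan_cmd` is kept separate from `zap_scan` so the invocation can be reviewed or logged before anything is sent to the target; in a pipeline, only the Baseline line should be wired to run unattended against shared or production hosts, for the reasons the Full Scan description gives.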