Users who want to filter the rules used during DAST scans can use the --disableRules parameter to identify specific rule IDs to omit from fullscan and baseline scan modes.

The full list of rules included in DAST scans, with their corresponding IDs, is published on the OWASP ZAP site. Rules listed as 'active' run in fullscan scanMode; rules listed as 'passive' run in baseline scanMode.

Example:

--scanMode="fullscan" --disableRules="10021, 10096, 40025"


Note: Vulnerabilities identified during unfiltered scans are moved to the 'Resolved' issues list if a subsequent scan uses --disableRules to omit the rule that reported them.
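The following is an added example, not part of this documentation and not the scanner's own code. It parses a --disableRules value in the format shown above, reports which of the listed IDs actually take effect for the chosen scanMode (an 'active' rule ID has no effect in baseline mode, and a 'passive' one has no effect in fullscan mode), and predicts which previously reported findings a rescan with those rules disabled would move to 'Resolved'. The rule table, its active/passive classification and the sample findings are constructed for illustration; check real IDs against the OWASP ZAP rule list.

```python
"""Helper for reasoning about --disableRules before running a DAST scan.

Added example, not the scanner's code. RULES and SAMPLE_FINDINGS below are
constructed for illustration only.
"""
from dataclasses import dataclass

# Constructed sample of the ZAP rule table: rule ID -> (name, kind).
# 'active' rules run in fullscan scanMode, 'passive' rules in baseline scanMode.
# The classification is assumed here; verify against the OWASP ZAP rule list.
RULES = {
    10021: ("X-Content-Type-Options Header Missing", "passive"),
    10096: ("Timestamp Disclosure", "passive"),
    40025: ("Proxy Disclosure", "active"),
    40012: ("Cross Site Scripting (Reflected)", "active"),
}

# Which rule kind each scanMode executes, as stated in the docs.
MODE_KIND = {"fullscan": "active", "baseline": "passive"}


def parse_disable_rules(value: str) -> list[int]:
    """Parse a --disableRules value such as "10021, 10096, 40025".

    Whitespace around entries is tolerated; anything non-numeric is rejected
    so a typo does not silently disable nothing.
    """
    ids = []
    for token in value.split(","):
        token = token.strip()
        if not token:
            continue
        if not token.isdigit():
            raise ValueError(f"rule ID must be numeric: {token!r}")
        ids.append(int(token))
    return ids


def effective_disables(scan_mode: str, value: str) -> dict:
    """Split the requested IDs into those that matter for scan_mode, those that
    belong to the other mode (and therefore change nothing in this run), and
    IDs absent from the rule table."""
    kind = MODE_KIND[scan_mode]
    result = {"effective": [], "no_effect": [], "unknown": []}
    for rule_id in parse_disable_rules(value):
        if rule_id not in RULES:
            result["unknown"].append(rule_id)
        elif RULES[rule_id][1] == kind:
            result["effective"].append(rule_id)
        else:
            result["no_effect"].append(rule_id)
    return result


@dataclass
class Finding:
    """One reported vulnerability from an earlier (unfiltered) scan."""
    rule_id: int
    url: str
    status: str = "open"


# Constructed findings from a hypothetical earlier unfiltered scan.
SAMPLE_FINDINGS = [
    Finding(10021, "https://app.example/login"),
    Finding(40025, "https://app.example/"),
    Finding(40012, "https://app.example/search"),
]


def predict_rescan(findings: list[Finding], value: str) -> tuple[list[Finding], list[Finding]]:
    """Model the documented behaviour: findings whose rule is omitted via
    --disableRules on a rescan move to 'Resolved'. Returns (still_open, resolved)."""
    disabled = set(parse_disable_rules(value))
    still_open, resolved = [], []
    for f in findings:
        if f.rule_id in disabled:
            resolved.append(Finding(f.rule_id, f.url, "resolved"))
        else:
            still_open.append(f)
    return still_open, resolved


if __name__ == "__main__":
    flag = "10021, 10096, 40025"
    for mode in ("fullscan", "baseline"):
        print(mode, effective_disables(mode, flag))
    open_now, gone = predict_rescan(SAMPLE_FINDINGS, flag)
    print("moved to Resolved:", [f.rule_id for f in gone])
    print("still open:", [f.rule_id for f in open_now])
```

Run it once with the intended flag value before the scan: a rule ID that lands in `no_effect` for your scanMode is a sign you are suppressing a rule that would not have run anyway, and `unknown` catches mistyped IDs. The `predict_rescan` output is the set of findings that will disappear from the open list purely because the rule was disabled, not because the issue was fixed, which is worth recording so the 'Resolved' list is not read as remediation.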