DAST Scanning

Adjusting Scan Times

DAST scan modes, as well as the size of the site being scanned, both play a role in determining how long scans run. SOOS has a maximum scan timeout limit of 180 minutes. If a scan is not completed in this timeframe, the scan will produce an error indicating an incomplete status.

The baseline scan mode typically takes between 2 and 4 minutes to complete. However, fullscan and apiscan modes are both more complex and will take more time to complete; these may end up exceeding 180 minutes depending on the complexity and size (number of pages or endpoints) of the site/API being scanned. To avoid these long scan times, ensure that unnecessary rules are disabled (see Excluding DAST Scan Rules). Additionally, split the scan into logical sections by excluding URLs from being scanned.

If DAST scans are being run locally, it is important to make sure the command window doesn't experience any kind of pause. For example, if the screen lock engages, the pause and restart of the command window could cause the scan to exceed the time limit.

Adjusting Scan Timing

The DAST scan timing can be configured beyond simply disabling rules, using the following configurations.

Max Active Rule Duration

Use the -config scanner.maxRuleDurationInMins=1 parameter to set the maximum amount of time, in minutes, that each active rule is allowed to execute. This prevents rules from hanging or becoming unresponsive while waiting for the web application to respond, and helps produce more predictable and repeatable scan times for active scans.

Max Scan Duration

In some situations, you may not want to wait for the full 180 minute timeout allowed by SOOS DAST scans. To configure a shorter timeout, use the -config scanner.maxScanDurationInMins=20 parameter to set the maximum number of minutes the entire scan is allowed to run.

Max Spider Duration

In larger sites, or when trying to run quick CI/CD scans, setting the -config spider.maxDuration=1 parameter is useful in limiting how long the DAST scan will take to crawl the site and locate resources and pages to be included in the scan. In this example, the spider will crawl the site for a maximum of 1 minute before starting the actual scan against the located resources and pages. This does not apply to API scanning.

Combining Both Options

docker run -it soosio/dast --clientId=<SOOS client id> --apiKey="<SOOS apikey>" --projectName="<project name>" --otherOptions="-z '-config scanner.maxRuleDurationInMins=1 -config scanner.maxScanDurationInMins=20 -config spider.maxDuration=1'" --scanMode=baseline https://url-to-test
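
The following shell helper is an added example, not part of the SOOS documentation or tooling. It assembles the three timing settings described above into one options string and rejects budgets that cannot work. The function names build_zap_timing and is_pos_int are hypothetical, and the check that the per-rule budget must not exceed the whole-scan budget is this example's own assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper): build the ZAP timing options that go
# inside --otherOptions="-z '...'" for a SOOS DAST run.

SOOS_MAX_MINUTES=180   # SOOS maximum scan timeout stated on this page

# is_pos_int VALUE: succeed only if VALUE is a positive integer.
is_pos_int() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# build_zap_timing MODE RULE_MIN SCAN_MIN SPIDER_MIN
# Prints the -config string on stdout; returns non-zero on a bad budget.
build_zap_timing() {
  mode=$1 rule=$2 scan=$3 spider=$4

  for v in "$rule" "$scan"; do
    is_pos_int "$v" || {
      echo "error: durations must be positive integers (minutes)" >&2
      return 2
    }
  done

  # A scan budget above the SOOS limit would never take effect.
  if [ "$scan" -gt "$SOOS_MAX_MINUTES" ]; then
    echo "error: scan budget exceeds ${SOOS_MAX_MINUTES} minutes" >&2
    return 3
  fi

  # Assumption of this example: one rule should not outlast the whole scan.
  if [ "$rule" -gt "$scan" ]; then
    echo "error: per-rule budget is larger than the scan budget" >&2
    return 4
  fi

  opts="-config scanner.maxRuleDurationInMins=$rule"
  opts="$opts -config scanner.maxScanDurationInMins=$scan"

  # The spider limit does not apply to API scanning, so omit it for apiscan.
  if [ "$mode" != "apiscan" ]; then
    is_pos_int "$spider" || {
      echo "error: spider duration must be a positive integer" >&2
      return 2
    }
    opts="$opts -config spider.maxDuration=$spider"
  fi

  printf '%s\n' "$opts"
}
```

After sourcing the file, the output can be substituted into the command above, for example --otherOptions="-z '$(build_zap_timing baseline 1 20 1)'".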