DAST Scanning

How Long do DAST Scans Take?


DAST Scan Modes as well as the size of the site being scanned both play a role in determining how long scans run.

SOOS has a maximum scan timeout of 180 minutes. If a scan does not complete within this time, it produces an error indicating an incomplete status. The baseline scan mode typically takes about 2-4 minutes to complete; the fullscan and apiscan modes are more complex and take longer. They may exceed 180 minutes depending on the complexity and size (number of pages or endpoints) of the site or API being scanned. To avoid hitting the timeout, make sure unnecessary rules are filtered out (see Filtering DAST Scan Rules), and split the scan into logical sections by Excluding URLs From Being Scanned.

If DAST scans are run locally, make sure the command window is not paused while the scan is running, for example by the screen lock engaging. A pause and restart of the command window could cause the scan to exceed the time limit.