/docs/desktop/addons/scan-policies/ Recent content in Scan Policies on ZAP Hugo en-us /docs/desktop/addons/scan-policies/policy-api/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-api/ <h1 id="api-policy">API Policy</h1> <p>A policy focusing on issues likely to impact APIs and not UI.</p> <p>For the list of scan rules included see the <a href="/alerttags/policy_api/">Alert Tag: POLICY_API</a> page.</p> <p>Programmatic Name: <code>API</code></p> <p>Return to <a href="/docs/desktop/addons/scan-policies/">main scan policies page</a>.</p> /docs/desktop/addons/scan-policies/policy-default/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-default/ <h1 id="default-policy">Default Policy</h1> <p>A policy which enables all of the installed active scan rules.</p> <p>Programmatic Name: <code>Default Policy</code></p> <p>Return to <a href="/docs/desktop/addons/scan-policies/">main scan policies page</a>.</p> /docs/desktop/addons/scan-policies/policy-dev-cicd/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-dev-cicd/ <h1 id="developer-cicd-policy">Developer CI/CD Policy</h1> <p>This policy is designed to be used by developers in a CI/CD pipeline.</p> <ul> <li>Recommended for running in CI/CD</li> <li>No environmental / server related rules</li> <li>No long running rules</li> <li>No rules with high false positives</li> <li>No timing attacks</li> <li>No informational only rules</li> <li>Minimal overlap</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_dev_cicd/">Alert Tag: POLICY_DEV_CICD</a> page.</p> /docs/desktop/addons/scan-policies/policy-dev-std/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-dev-std/ <h1 id="developer-standard-policy">Developer Standard Policy</h1> <p>A developer focused policy meant to perform fairly quickly while providing a greater set of results than the CICD policy, intended for use in a dev environment.</p> <ul> <li>A superset of Developer CICD</li> <li>Intended to run in a dev environment</li> <li>No environmental / server related rules</li> <li>No rules with high false positives</li> <li>No timing attacks</li> <li>No informational only rules</li> <li>Can include longer running rules</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_dev_std/">Alert Tag: POLICY_DEV_STD</a> page.</p> /docs/desktop/addons/scan-policies/policy-dev-full/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-dev-full/ <h1 id="developer-full-policy">Developer Full Policy</h1> <p>A developer focused policy, including a superset of the <a href="/docs/desktop/addons/scan-policies/policy-dev-std/">dev standard</a> with a greater variety of potential findings and only minimal environmental/server related rules, intended for use in a dev environment.</p> <ul> <li>A superset of Developer Standard</li> <li>Intended to run in a dev environment</li> <li>No rules with high false positives</li> <li>No timing attacks</li> <li>Minimal environmental / server related rules</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_dev_full/">Alert Tag: POLICY_DEV_FULL</a> page.</p> /docs/desktop/addons/scan-policies/policy-qa-cicd/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-qa-cicd/ <h1 id="qa-cicd-policy">QA CI/CD Policy</h1> <p>A quality assurance focused policy meant to perform fairly quickly while providing a greater set of results than developer policies, intended for use in a CI/CD pipeline for a QA/staging environment.</p> <ul> <li>Recommended for running in CI/CD</li> <li>Intended to run in a QA / Staging environment which is close to production</li> <li>A superset of Developer CI/CD but with important env / server rules enabled</li> <li>No long running rules</li> <li>No rules with high false positives</li> <li>No timing attacks</li> <li>No informational only rules</li> <li>Minimal overlap</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_qa_cicd/">Alert Tag: POLICY_QA_CICD</a> page.</p> /docs/desktop/addons/scan-policies/policy-qa-std/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-qa-std/ <h1 id="qa-standard-policy">QA Standard Policy</h1> <p>A quality assurance focused policy meant to perform fairly quickly while providing a greater set of results than developer policies, intended for use in a QA/staging environment.</p> <ul> <li>Intended to run in a QA / Staging environment which is close to production</li> <li>A superset of Developer Standard but with important env / server rules enabled</li> <li>Not env issues that should have been fixed by everyone</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_qa_std/">Alert Tag: POLICY_QA_STD</a> page.</p> /docs/desktop/addons/scan-policies/policy-qa-full/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-qa-full/ <h1 id="qa-full-policy">QA Full Policy</h1> <p>A quality assurance focused policy, including a superset of the <a href="/docs/desktop/addons/scan-policies/policy-qa-std/">QA standard</a> with a greater variety of potential findings with more environmental/server related rules, intended for use in a QA/Staging environment.</p> <ul> <li>Intended to run in a QA / Staging environment which is close to production</li> <li>A superset of Developer Full (and QA Standard) but with more env / server rules enabled</li> </ul> <p>For the list of scan rules included see the <a href="/alerttags/policy_qa_full/">Alert Tag: POLICY_QA_FULL</a> page.</p> /docs/desktop/addons/scan-policies/policy-pentest/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/desktop/addons/scan-policies/policy-pentest/ <h1 id="penetration-tester-policy">Penetration Tester Policy</h1> <p>A policy which enables all of the installed active scan rules with the exception of the Example rules.</p> <p>Programmatic Name: <code>Pen Test</code></p> <p>Return to <a href="/docs/desktop/addons/scan-policies/">main scan policies page</a>.</p>