diff --git a/tools/scan_tools/tang_operator_template.yaml b/tools/scan_tools/tang_operator_template.yaml new file mode 100644 index 00000000..a614daa3 --- /dev/null +++ b/tools/scan_tools/tang_operator_template.yaml @@ -0,0 +1,50 @@ +--- +config: + # WARNING: `configVersion` indicates the schema version of the config file. + # This value tells RapiDAST what schema should be used to read this configuration. + # Therefore you should only change it if you update the configuration to a newer schema + # It is intended to keep backward compatibility (newer RapiDAST running an older config) + configVersion: 4 + +# `application` contains data related to the application, not to the scans. +application: + shortName: "tangservers" + url: "https://API_HOST_HERE:API_PORT_HERE/apis/daemons.redhat.com/v1alpha1" + +# `general` is a section that will be applied to all scanners. +general: + authentication: + type: "http_header" + parameters: + name: "Authorization" + # Ways to obtain token: + # oc get secret $(oc get secret | grep ^default-token | awk '{print $1}') -o json | jq -Mr '.data.token' | base64 -d + # oc whoami -t + value: "Bearer AUTH_TOKEN_HERE" + container: + # currently supported: `podman` and `none` + type: "none" + +scanners: + zap: + # parameters: + # executable: "ZAP_2.13.0/zap.sh" + # define a scan through the ZAP scanner + apiScan: + apis: + apiUrl: "https://API_HOST_HERE:API_PORT_HERE/openapi/v3/apis/daemons.redhat.com/v1alpha1" + + passiveScan: + # optional list of passive rules to disable + disabledRules: "2,10015,10027,10096,10024,10054" + + activeScan: + # If no policy is chosen, a default ("API-scan-minimal") will be selected + # The list of policies can be found in scanners/zap/policies/ + policy: "API-scan-minimal" + + miscOptions: + # enableUI (default: false), requires a compatible runtime (e.g.: flatpak or no containment) + enableUI: false + # Defaults to true, set false to prevent auto update of ZAP plugins + updateAddons: false