-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy path.zap-baseline.conf
More file actions
51 lines (38 loc) · 1.19 KB
/
.zap-baseline.conf
File metadata and controls
51 lines (38 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# OWASP ZAP Baseline Configuration
# This file configures ZAP baseline scan rules
# Rules to include (comprehensive security scan)
include = *
# Rules to exclude (false positives or low priority)
exclude =
10021, # X-Content-Type-Options header missing (we add this via middleware)
10020, # X-Frame-Options header missing (we add this via middleware)
10054, # CSP header missing (we add this via middleware)
# Alert thresholds
# HIGH = High risk vulnerabilities
# MEDIUM = Medium risk vulnerabilities
# LOW = Low risk vulnerabilities
# INFO = Informational findings
# Minimum alert level to report
minAlertLevel = LOW
# Maximum alert level to report
maxAlertLevel = HIGH
# Scan duration (in seconds)
scanDuration = 300
# Timeout for requests (in seconds)
requestTimeout = 30
# Follow redirects
followRedirects = true
# Maximum redirects to follow
maxRedirects = 5
# Active scan policy
activeScanPolicy = DEFAULT
# Passive scan rules
passiveScanRules = DEFAULT
# Authentication (if needed)
# authType = form
# authUrl = http://localhost:8000/api/login
# authUsername = test
# authPassword = test
# Context configuration
# contextName = CreditNexus
# contextUrl = http://localhost:8000