RapiDAST

RapiDAST is a tool for performing dynamic application security testing (DAST) against running applications.

Because DAST needs a live target, it's recommended to use a custom integration test that deploys the target application and then performs the RapiDAST scan inside that same integration test, so the scan exercises the freshly built snapshot.

Active scanning sends attack payloads to every endpoint it discovers and can create, modify or delete data, so RapiDAST scans are intended for testing environments and should not be run against production systems.

Prerequisites

It is recommended to first create and tune the RapiDAST config file for the target application by running RapiDAST manually outside of Konflux; iterating locally is usually much faster than re-running the integration test for every config change.
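The following config file is an added example of what that manual step produces; it is not the Konflux project's or RapiDAST's own file. The application name, URLs, token variable name and the rule-ID list are placeholders for a hypothetical JSON API. The key names follow RapiDAST's configVersion 5 template, but check them against the config template shipped with the RapiDAST version you run.

```yaml
# Added example RapiDAST config.yaml (editor's example, not project code).
# Names, URLs and variable names are placeholders for a hypothetical API.
config:
  configVersion: 5
  # Directory where reports and ZAP session data are written (per shortName).
  results: "./results/"

application:
  shortName: "my-api-1.0"            # placeholder, names the results sub-directory
  url: "http://my-api.test.example"  # placeholder root URL of the deployed test instance

general:
  # Run ZAP in-process ("none") rather than spawning a separate ZAP container;
  # this is the mode to use when RapiDAST itself runs in its container image.
  container:
    type: "none"
  # Send a bearer token on every request so authenticated endpoints are scanned too.
  # The secret is read from an environment variable, never stored in this file.
  authentication:
    type: "http_header"
    parameters:
      name: "Authorization"
      value_from_var: "MY_API_TOKEN"  # placeholder variable name, export it before running

scanners:
  zap:
    # Drive the scan from the OpenAPI definition so every documented operation is
    # exercised, not only the pages a spider happens to reach.
    apiScan:
      apis:
        apiUrl: "http://my-api.test.example/openapi.json"  # placeholder
    activeScan:
      # Active scanning is the part that mutates state: test instances only.
      policy: "API-scan-minimal"
    passiveScan:
      # ZAP passive rule IDs that are mostly noise for a JSON API; tune per application.
      disabledScanners: "2,10015,10027,10096,10024,10054"
    miscOptions:
      enableUI: False
      updateAddons: False
    report:
      # JSON for scripting, SARIF for tools that ingest code-scanning results.
      format: ["json", "sarif"]
```

Run it from a RapiDAST checkout with `./rapidast.py --config config.yaml` after exporting the token variable, then inspect the reports under the `results` directory; the `disabledScanners` list and the active-scan policy are the two knobs most worth tuning before moving the config into the pipeline.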

Procedure

Create a Tekton Pipeline for use in an IntegrationTest (see this example pipeline).

At a high level, this example does the following:

  1. Provision Environment: Creates an ephemeral environment in which to deploy the application

  2. Deploy Application: Deploys the application images recorded in the snapshot produced by the earlier build pipeline

  3. Run RapiDAST Scan: Runs RapiDAST against the deployed application's URL
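The pipeline below is an added sketch of those three steps, written here as an illustration; it is not the example pipeline the page links to. The task names, the `app-url` result, the RapiDAST image reference and the install path inside the image are assumptions: replace the first two taskRefs with the provisioning and deployment tasks your Konflux instance provides. The only thing Konflux guarantees is that an integration test pipeline receives the `SNAPSHOT` parameter.

```yaml
# Added example Tekton Pipeline for a Konflux IntegrationTest (editor's sketch).
# provision-environment, deploy-application, the app-url result, the image tag
# and /opt/rapidast are placeholders/assumptions, not verified project identifiers.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata:
  name: rapidast-integration-test   # placeholder name
spec:
  params:
    - name: SNAPSHOT
      type: string
      description: JSON Snapshot that Konflux passes to every integration test pipeline
  tasks:
    # 1. Provision Environment: an ephemeral namespace for this run only.
    - name: provision-environment
      taskRef:
        name: provision-environment   # placeholder task
    # 2. Deploy Application: roll out the images listed in the Snapshot and
    #    publish the reachable root URL as a Tekton result.
    - name: deploy-application
      runAfter: [provision-environment]
      taskRef:
        name: deploy-application      # placeholder task, assumed to emit result "app-url"
      params:
        - name: SNAPSHOT
          value: $(params.SNAPSHOT)
    # 3. Run RapiDAST Scan against the URL the deployment produced.
    - name: rapidast-scan
      runAfter: [deploy-application]
      params:
        - name: target-url
          value: $(tasks.deploy-application.results.app-url)
      taskSpec:
        params:
          - name: target-url
            type: string
        steps:
          - name: scan
            image: quay.io/redhatproductsecurity/rapidast:latest  # assumed image reference
            env:
              # Pass the URL through the environment so the shell, not Tekton
              # substitution, expands it inside the heredoc below.
              - name: TARGET_URL
                value: $(params.target-url)
            script: |
              #!/bin/sh
              set -eu
              # Minimal version of the config tuned in the Prerequisites step;
              # only the target URL changes from run to run.
              cat > /tmp/rapidast-config.yaml <<EOF
              config:
                configVersion: 5
                results: "/tmp/results/"
              application:
                shortName: "my-api"
                url: "${TARGET_URL}"
              general:
                container:
                  type: "none"
              scanners:
                zap:
                  apiScan:
                    apis:
                      apiUrl: "${TARGET_URL}/openapi.json"
                  activeScan:
                    policy: "API-scan-minimal"
                  report:
                    format: ["json", "sarif"]
              EOF
              cd /opt/rapidast   # assumed install location inside the image
              ./rapidast.py --config /tmp/rapidast-config.yaml
```

The deployment task has to expose the application's URL as a result because RapiDAST needs the root URL of a live instance before it can do anything; everything else in the scan step is the locally tuned config with that one value filled in at run time.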

Verification

  1. Trigger a run of the Integration Test (e.g. by opening a new pull request)

  2. Browse to the Integration tests tab of the Konflux UI, find the RapiDAST test and verify that it succeeded

  3. Review the security findings in the RapiDAST report and confirm each one before treating it as a defect