Commit b682fd1

Add explanation to docs on how the processes differ when started via the ui / rest api
1 parent 268bad7 commit b682fd1

1 file changed

+15
-5
lines changed

docs/user-guide/README.md

Lines changed: 15 additions & 5 deletions
@@ -57,7 +57,15 @@ Password: choosen Password
5757

5858
The secureCodeBox can save the security tests results into different data stores. A list with all availible stores and how to configure and use them can be found [here](./persistence/README.md).
5959

60-
## Starting securityTests using the REST-API
60+
## Starting securityTests
61+
62+
### Starting securityTests using the UI
63+
64+
When a scan is started via the Camunda UI, the scan is considered to be a manual scans. This means that its results has to be confirmed before they it gets persisted by the configured persistence provider (e.g. elasticsearch). The results will show up in the tasklist and will get persistet once their the task has been marked as completed.
65+
66+
### Starting securityTests using the REST-API
67+
68+
When a scan is started via the REST-API, the scan is considered to be automated. This means that the results will get automatically persisted into the configured perssitence provider (e.g. elasticsearch). The results of the securityTest will however **not** show up in the tasklist. The securityTest will be completed directly and the results are only availible via the persistence provider or by accessing it via the Rest-API.
6169

6270
In order to start a scan via the REST-API, send a PUT-Request to the following URL:
6371
`<<Engine_Address>>/box/securityTests`.
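
Review bot: The new UI paragraph at new line 64 is hard to follow as written: "a manual scans", "its results has to be confirmed before they it gets persisted" and "persistet once their the task" read like leftovers from an earlier draft. Suggested wording: "When a scan is started via the Camunda UI, it is considered a manual scan. Its results have to be confirmed before they are persisted by the configured persistence provider (e.g. elasticsearch). The results show up in the tasklist and are persisted once the task has been marked as completed." In the REST-API paragraph at new line 68, fix "perssitence" and "availible", and write "REST-API" instead of "Rest-API" to match the heading. Since that paragraph is the only place that tells readers REST-started results are persisted without the tasklist confirmation step, consider stating that contrast with the UI flow in one explicit sentence rather than leaving it to be inferred from the two paragraphs.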
@@ -82,6 +90,12 @@ The scanning target is set within the payload. A securityTest running a nmap por
8290

8391
You can check out a more detailed API documentation in the Swagger Docs of the secureCodeBox Engine. The Swagger Docs come together with the secureCodeBox Engine. You can access it at `<<Engine_Address>>/swagger-ui.html`. If you dont have one running yet you can look at the staticly exported version of it here: [Static API Docs](../developer-guide/api-doc.md)
8492

93+
#### Meta Fields and How to use them
94+
95+
MetaFields can be used to tag security tests with custom data relevant for you. We have encountered some data values which we found paticulary usefull and standardized their format to be used in multiple places. The list and formats can be found [here](./metafields/README.md).
96+
97+
MetaFields can currently only be set via the rest api. See the swagger docs for how to set them.
98+
8599
### In Depth Scan Examples
86100

87101
The following links contain completes examples and explanations how to set up and start scans against demo application.
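
Review bot: The added sentence at new line 97, "See the swagger docs for how to set them", gives no link and does not name the request field that carries the MetaFields. Point it at `<<Engine_Address>>/swagger-ui.html` or the static API docs already linked at new line 91, and name the payload field so readers do not have to search for it. The moved paragraph at new line 95 still carries "paticulary usefull" (particularly useful), and "rest api" should match the "REST-API" spelling used in the headings. The heading also drops from `##` to `####`, which nests it under the REST-API section; that fits the new "only via the rest api" statement, but if the guide has a table of contents or inbound links that expect a top-level section, check them.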
@@ -90,10 +104,6 @@ The following links contain completes examples and explanations how to set up an
90104
2. [Scanning Server Rendered Applications like BodgeIt Store using Arachni](./usage-examples/arachni-bodgeit-example.md)
91105
3. [Scanning Server Rendered Applications like BodgeIt Store using OWASP ZAP](./usage-examples/zap-bodgeit-example.md)
92106

93-
## Meta Fields and How to use them
94-
95-
MetaFields can be used to tag security tests with custom data relevant for you. We have encountered some data values which we found paticulary usefull and standardized their format to be used in multiple places. The list and formats can be found [here](./metafields/README.md).
96-
97107
## Starting Scan-Processes using the CLI
98108

99109
We have introduced a [simple secureCodeBox CLI](../../cli/README.md) which is based on the REST-API. This CLI can be used to configure and start Scan-Process or to integrate with you CI/CD Pipeline (e.g. Jenkins).
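
Review bot: The CLI section at new line 109 says the CLI "is based on the REST-API", but after this change it does not say which of the two modes introduced above applies to CLI-started scans. If they behave like REST-API scans (persisted automatically, not shown in the tasklist), add a sentence saying so here, since CI/CD users are the ones most likely to be surprised by results that never appear for confirmation. While touching this area, the context lines could also be cleaned up: "completes examples" at new line 101 and "integrate with you CI/CD Pipeline" at new line 109.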
