Skip to main content

Running a Scan

After an environment is configured, you can run a scan within that environment. A ZAP configuration file is selected as part of the scanning procedure each time a scan is executed. Selecting a Swagger file is also mandatory if the scanning is for an API environment. Initiating a scan is possible only within an existing API or web environment.

To run a scan:

  1. On the Application and Projects home page, select the Environment tab.

  2. In the row of the project that you want to scan, click Scan.

  3. The New Scan dialog opens, presenting the Environment Name, URL, and Environment Type.

    1. If the Environment Type is Web, select the ZAP configuration file you want to use in the scan in the Upload Configuration file section.

    2. If the Environment Type is API, select the ZAP configuration file and the Swagger file to use in the scan. Optionally, associate the results to an existing project.

  4. Click Scan. The New Scan dialog closes, and the scanning starts.

  5. You can monitor the scan status from the Environments tab.


The following downloadable files can be used as a base for Web or API ZAP configuration files:






Running DAST scans on Checkmarx One has a time limit of 2 hours and 45 minutes. To run DAST scans without any timeout, use the docker image or run DAST on one of the supported pipelines.