Environment Settings
In the Settings panel, you can set and edit settings that override the default parameters for authentication and scans, giving you more customized results. Each tab in the panel includes the details and instructions for completing its fields. The tabs are documented below for reference.
To open an environment’s settings panel, click the ellipsis at the end of the environment row, then Settings in the dropdown menu.
Navigating the Settings Panel
At the top of the panel, you can search for environment settings in the search bar and copy your environment ID by clicking Copy ID. The settings panel is divided into two categories: General and Advanced Options. Remember to Save your changes when done.
The following details the tabs in Settings:
General
ID & Config Files - The default view when opening the Settings panel. Details the Environment URL, Type, Discoverability, and Authentication. You can configure the environment name and download the config file here.
Organizational Associations - Associate projects, applications, and existing tags to your environment here. Associating projects is only applicable to API environments. When a project is associated with a DAST environment, the next time a scan is run, it will include results from both SAST and DAST. See below for more on associating applications with an environment.
Advanced Options
Authentication (Web-only) - If your authentication fails during setup, you can configure the fields in this panel to resolve the issue. For example, changing the App-Load Wait Time, the attribute for TOTP, or the verification URL used in the testing (Poll POST Data) can fix common authentication issues.
Scan Configurations - Here you can select a predefined scan mode (Fast, Balanced, Thorough, or Deep) to better fit your goals. Predefined scan modes are ideal for quick scanning without requiring an understanding of file configuration or ZAP. Additionally, consider including server-related checks in the scan and support for slower applications. Include or Exclude file paths in the scan by adding them in their respective fields. You can also add a custom header to your scans. HTTP headers are key-value pairs in requests and responses that carry metadata needed for authentication, content handling, caching, and security. They are not part of the URL but accompany it to provide context and control. For API environments, ensure that the API attribute files are uploaded.
CLI Settings - Here you can adjust the level of detail in scan logs (Info/Debugging), define the number of scan retry attempts in case of failure, the retry delay time between attempts, the JVM memory settings for the scan, and the output directory to save the scan results.
Associating Applications to an Environment
Your applications can be associated with an environment and scanned with DAST. This enables a centralized view of your security, where you can see the scan results in the application overview and in risk management, allowing your security team to prioritize vulnerabilities effectively.
To associate an application with your environment, perform the following on the Environments page:
Click the ellipsis at the end of the environment row, then select Settings.
Select Organizational Associations.
Click + Add Application.
Mark the checkbox for the application you want associated from the dropdown list, then click Select.
Click Set as Primary Environment, then Save when done.
Warning
Ensure you set the environment as the Primary Environment; otherwise, the application will not be scanned by DAST. You can associate multiple environments with a specific application, but only one environment can be set to Primary.
