API Security Configuration Options
The following table shows the configuration options available for the API Security scanner. These configuration options can be applied on the Account > Project > Scan levels. These configurations can be set via the web application (UI), CLI or API, as shown in the table below.
Notice
API configs can be set on the account or project level using the Configuration API, or on the scan level as part of the request body of the POST /scans API. When using the POST /scans API, the scan.config.apisec prefix is left out.
| Parameter | Values | Notes | CLI | API |
|---|---|---|---|---|
| Swagger folder/file filter | Swagger folder path or any folder/file type. Allows users to select specific folders or files that they want to include or exclude from the code scanning process. | | | Tenant/Project example: `{"key": "scan.config.apisec.swaggerFilter", "value": "*.java,*.js", "allowOverride": true}` Scan example: `"config": [{"type": "apisec", "value": {"swaggerFilter": "*.java,*.js"}}]` |
| uuid [1] | The upload link to your Swagger file. | See Workflow for API Scanner for the complete process of uploading a Swagger file and generating this upload link. | | Example: `"config": [{"type": "apisec", "value": {"uuid": "<link_to_your_swagger>"}}]` |
[1] This configuration is only available via API and only on the scan level.
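The two JSON shapes above differ only in where the parameter name lives: account/project entries carry the full scan.config.apisec key, while the scan-level element drops the prefix. The following Python sketch is an added example, not part of the product or its CLI; the function names `level_entry` and `scan_config` are hypothetical, and it assumes only the two parameters documented on this page. It builds both shapes and enforces footnote [1].

```python
import json

PREFIX = "scan.config.apisec."      # prefix used on the account/project level
KNOWN = {"swaggerFilter", "uuid"}   # the two parameters documented on this page
SCAN_ONLY = {"uuid"}                # footnote [1]: API only, scan level only


def level_entry(name, value, allow_override=True):
    """Build one account/project-level entry for the Configuration API."""
    if name not in KNOWN:
        raise ValueError(f"unknown apisec parameter: {name}")
    if name in SCAN_ONLY:
        raise ValueError(f"{name} can only be set on the scan level")
    return {"key": PREFIX + name, "value": value, "allowOverride": allow_override}


def scan_config(entries=(), **scan_level):
    """Build the apisec element of the POST /scans "config" array.

    entries    -- account/project-style dicts; the prefix is stripped
    scan_level -- parameters already in scan form, e.g. uuid="..."
    """
    value = {}
    for entry in entries:
        key = entry["key"]
        if not key.startswith(PREFIX):
            raise ValueError(f"not an apisec key: {key}")
        value[key[len(PREFIX):]] = entry["value"]
    value.update(scan_level)
    unknown = set(value) - KNOWN
    if unknown:
        raise ValueError(f"unknown apisec parameter(s): {sorted(unknown)}")
    return {"type": "apisec", "value": value}


if __name__ == "__main__":
    # Constructed sample values, matching the examples in the table.
    project = level_entry("swaggerFilter", "*.java,*.js")
    print(json.dumps(project, indent=2))
    print(json.dumps({"config": [scan_config([project])]}, indent=2))
    print(json.dumps({"config": [scan_config(uuid="<link_to_your_swagger>")]}, indent=2))
```
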