Skip to content
/ rapidast Public
forked from RedHatProductSecurity/rapidast

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

License

Apache-2.0 license
0 stars 48 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jeremychoi/rapidast

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

330 Commits
.github/workflows
.github/workflows
 
 
.tekton
.tekton
 
 
config
config
 
 
configmodel
configmodel
 
 
containerize
containerize
 
 
docs
docs
 
 
e2e-tests
e2e-tests
 
 
examples
examples
 
 
exports
exports
 
 
helm
helm
 
 
results
results
 
 
scanners
scanners
 
 
tests
tests
 
 
tools
tools
 
 
utils
utils
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.pylintrc
.pylintrc
 
 
CODEOWNERS
CODEOWNERS
 
 
LICENSE
LICENSE
 
 
artifacts.lock.yaml
artifacts.lock.yaml
 
 
conftest.py
conftest.py
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
pyproject.toml
pyproject.toml
 
 
rapidast.py
rapidast.py
 
 
renovate.json
renovate.json
 
 
requirements-build.txt
requirements-build.txt
 
 
requirements-dev.in
requirements-dev.in
 
 
requirements-dev.txt
requirements-dev.txt
 
 
requirements-llm.in
requirements-llm.in
 
 
requirements-llm.txt
requirements-llm.txt
 
 
requirements.in
requirements.in
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

RapiDAST

GitHub Actions Workflow Status GitHub License

RapiDAST (Rapid DAST) is an open-source security testing tool that automates DAST (Dynamic Application Security Testing) and streamlines the integration of security testing into development workflows. It is designed to help Developers and/or QA engineers rapidly and effectively identify low-hanging security vulnerabilities in your applications, ideally in CI/CD pipelines. RapiDAST is for organizations implementing DevSecOps with a shift-left approach.

RapiDAST provides:

  • Automated HTTP/API security scanning leveraging ZAP
  • Automated LLM AI scanning leveraging Garak
  • Kubernetes operator scanning leveraging OOBTKUBE
  • Automated vulnerability scanning using Nessus (requires a Nessus instance)
  • Command-line execution with yaml configuration, suitable for integration in CI/CD pipelines
  • Ability to run automated DAST scanning with pre-built or custom container images
  • HTML, JSON and XML report generation
  • Integration with Google Cloud Storage and OWASP DefectDojo

RapiDAST is for testing purposes, and should not be used on production systems.

See User Guide
See Developer Guide

Contributing

Contribution to the project is more than welcome.

See CONTRIBUTING.md

About

RapiDAST provides a framework for continuous, proactive and fully automated dynamic scanning against web apps/API.

Resources

Readme

License

Apache-2.0 license

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 95.5%
  • JavaScript 1.6%
  • Dockerfile 1.4%
  • Other 1.5%