# DAST Scan

The Dynamic Application Security Testing (DAST) scan emphasis scanning of essential details such as the service URL and related configuration parameters that is collected from the ZAP integrator. 

This page explains the process of integrating ZAP with SSD and perform the  Adhoc DAST scan. 

* Before starting with the scan, you need to integrate ZAP with the OpsMx platform. Follow the steps provided in [Integrating ZAP](https://docs.opsmx.com/opsmx-delivery-shield-platform/getting-started/integrating-security-scanning-tools-in-delivery-shield/zap) to complete the process.
* If ZAP data needs to be mapped to a specific team, you need to create the team first. If no team-level segregation is required, skip this step. Follow the steps provided in [Managing Teams](https://docs.opsmx.com/opsmx-delivery-shield-platform/user-guide/manage-teams-and-access) to complete the process. 

### To Access Dast Scan

* Click on **Scan Now** button at the top right corner of the screen.

<figure><img src="https://docs.opsmx.com/~gitbook/image?url=https%3A%2F%2F2047464521-files.gitbook.io%2F%7E%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252F-MBEa1hoX6SqpDj-ymNs%252Fuploads%252FrJIKrYmqJVFzsym10w2D%252Fscan%2520now%2520.png%3Falt%3Dmedia%26token%3D56c19f36-9c4c-4212-80d3-43a1d9853d03&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=4d2e53fd&#x26;sv=2" alt=""><figcaption></figcaption></figure>

* In the screen that appears, select **Dast Scan** from the left panel.

<figure><img src="/files/GVHmVAZN2DRF0TcJG1x5" alt=""><figcaption></figcaption></figure>

Now you can **Add Project, Upload Project** or **Sync Project** to proceed with the scan.

### To Add a Project&#x20;

* To add or update a new project with artifact scan configurations, click **Add Project**.&#x20;
* The **Create Project** details page is displayed as shown below. Enter the details for the following fields:

<figure><img src="/files/MMOl59iiGlejoftNRo7k" alt=""><figcaption></figcaption></figure>

* **Name** : Enter a name for the project.&#x20;
* **Team** : Select the team for which you want to create the project.&#x20;
* **Scan Type** : The default type is Dast Scan.&#x20;
* **Platform** : Select the platform type, ZAP.
* **Scan Type** : The default scan type is Dast Scan.&#x20;
* **Account** : Choose the needed account that has been integrated for the selected platform. If no account is available for the selected platform then click **Add Account**.
  * The integration page is displayed. You can add a new account.&#x20;
* **Service URL :** Enter the URL link for which the scan needs to be done.&#x20;
* **Scan Level** : Select the scan level; either Web level or App level for which the scan needs to be applied.&#x20;
* **Schedule Scan** : You can set the scan schedule as to minutes or hours or days.
* Click Save.&#x20;

The project gets added for scanning.

#### &#x20;To Upload a Project

1. To upload a project from your local, click **Upload Project**.

<figure><img src="/files/voCdjygwZZe2rRhJY0WB" alt=""><figcaption></figcaption></figure>

2. Click **Upload File** and select the project you want to add for scanning. &#x20;

<figure><img src="/files/t7rLh9NnvsL1pycjVtZA" alt=""><figcaption></figcaption></figure>

3. Click **Save**.&#x20;

The file gets added for scanning.&#x20;

### To Integrate JIRA at Project Level

JIRA can be integrated at project level to create tickets whenever an alert is identified.&#x20;

* To integrate JIRA, click the Integrations icon on expanding the project.&#x20;

<figure><img src="/files/D87SrN8JKJlZ7rfSXbON" alt=""><figcaption></figcaption></figure>

* The JIRA integration page is displayed. Click **Add Account** and enter the details.&#x20;

<figure><img src="/files/zfsM6BarJXhWpjlfjjR2" alt=""><figcaption></figcaption></figure>

* Enter the values for the following fields:
  * **Account Name -** Enter the JIRA account name.&#x20;
  * **Jira Project Key -** Enter the name of your Jira project.&#x20;
  * **Jira** **URL -** Enter your Jira host Url&#x20;
  * **Jira Email Id -** Enter the username to access Jira.&#x20;
  * **Token -** Enter the password / token for the Jira account.&#x20;
  * Enable **Automatically create Jira tickets during the scan** to create JIRA ticket to the team owner when the alerts are identified.&#x20;
  * **Trigger Type** - Indicates at which level Jira tickets should be created.&#x20;
    * **Create Jira ticket at the Component Alert level** - Jira tickets will be created for each individual impacted component.&#x20;
    * **Create Jira ticket at the Deduplication Alert level** -  A single Jira ticket will be created for all the impacted components.&#x20;
    * **Creation Scope** - If Vulnerabilities is selected, Jira is created only for Critical and High alerts. If All Policies is selected Jira is created for all alerts.&#x20;
  * Enable **Assign the Jira ticket to the Team owner** if you want to assign the ticket to the team owner.&#x20;
  * **Fields -** Enter the labels that need to be added in the created Jira ticket.&#x20;
  * **Values -** Enter the values that need to be given in the Jira ticket. The given variables are replaced with actual values when the tickets are created.&#x20;
  * **Status Keyword Mapping** - You can set the keywords for the status.&#x20;
* Click **Test** to check if the entered values are valid.
* Once validated, click **Save**. The tool is connected.

### To View and Interpret Scan Results <a href="#to-view-and-interpret-scan-results" id="to-view-and-interpret-scan-results"></a>

Once the scan is complete, a confirmation message is updated within the project and OpsMx generates the overall results. They are displayed as shown below:

* Repos Registered
* Total Artifact Tags
* Total Scans
* Total Projects
* Auto Scan Enabled Repos

<figure><img src="/files/jUa6PK4RtiDcajcWhdNh" alt=""><figcaption></figcaption></figure>

The panel at the bottom displays the project details. On expanding each project you can view the complete details of it.

{% hint style="info" %}
The current status of the scan (completed, pending or failed) is displayed to notify the status of the project.&#x20;
{% endhint %}

* To edit the configuration details of the project, click the **Edit** button.&#x20;

<figure><img src="/files/YNpbdDykJzxm72UynK4I" alt=""><figcaption></figcaption></figure>

* Click the **View** option in the **Action** button, to view the SAST and SCA scan results of the project.&#x20;

<figure><img src="/files/1OUjvi39nvR0WeSyq76p" alt=""><figcaption></figcaption></figure>

* The results page displays the complete data of the scan details.&#x20;
  * On clicking the **Download** button, the scan results are downloaded in .json or .csv format.
  * On clicking Report, the scan results are downloaded in a report format.&#x20;
  * On clicking Go to Artifact Page, you are redirected to the related artifact page.&#x20;

<figure><img src="/files/52ClscU4mfPJ9hu4byTO" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.opsmx.com/ssd/security-risk-and-prioritization/user-guide/scan-now/dast-scan.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.