Codacy DAST: Scan Your Running Applications for Security Vulnerabilities

We’re excited to announce the early access release of Dynamic Application Security Testing (DAST) for Codacy!
As part of our expanding security offering, DAST empowers development teams to identify vulnerabilities in their running applications—closing the gap between secure code and deployments.
While Codacy has always helped you ship clean, secure code, DAST furthers your application security by simulating real-world attacks—just like a malicious user would.
It’s designed to spot vulnerabilities that only emerge during runtime, giving you complete visibility into your application’s security posture.
How Codacy DAST Works
Getting started with DAST is easy. If you're a Business tier user, you're eligible for early access—just contact us to request access.
Once enabled, you can:
- Configure scan targets with just a click.
- Run scans on demand via the “Start scan” button.
- Track progress in the Codacy UI and view results directly in the Findings tab of the Security page.
Built for Automation
Just like the rest of Codacy, DAST integrates seamlessly with your workflow. Use our API to trigger DAST scans in your CI/CD pipeline—daily, weekly, or on every deployment.
Automating security has never been this straightforward.
Already using DAST tools? You can upload your scan results via the API. We currently support results from Zed Attack Proxy (ZAP), and we’re actively working to support more tools.
Let us know if you use a different scanner—we’re happy to explore support for your stack.
What’s Coming Next
This is just the beginning. We’re already working on enhancements like:
- Header-based authentication for authenticated API scanning.
- Advanced configuration options for rules, authentication, and scan behavior.
We’re committed to keeping DAST as easy to use as it is powerful—making it effortless for you to secure every stage of the software development lifecycle.
Ready to try Codacy DAST? If you're a Business tier customer, get in touch now to enable early access.