Codacy DAST: Scan Your Running Applications for Security Vulnerabilities

In this article:
Subscribe to our blog:

We’re excited to announce the early access release of Dynamic Application Security Testing (DAST) for Codacy! 

As part of our expanding security offering, DAST empowers development teams to identify vulnerabilities in their running applications—closing the gap between secure code and deployments.

While Codacy has always helped you ship clean, secure code, DAST furthers your application security by simulating real-world attacks—just like a malicious user would. 

It’s designed to spot vulnerabilities that only emerge during runtime, giving you complete visibility into your application’s security posture.

How Codacy DAST Works

Getting started with DAST is easy. If you're a Business tier user, you're eligible for early access—just contact us to request access.

Once enabled, you can:

Configure scan targets with just a click.

set new target configuration in codacy dast

Run scans on demand via the “Start scan” button.

Track progress in the Codacy UI and view results directly in the Findings tab of the Security page.

track progress in codacy findings tab

Built for Automation

Just like the rest of Codacy, DAST integrates seamlessly with your workflow. Use our API to trigger DAST scans in your CI/CD pipeline—daily, weekly, or on every deployment. 

Automating security has never been this straightforward.

Already using DAST tools? You can upload your scan results via the API. We currently support results from Zed Attack Proxy (ZAP), and we’re actively working to support more tools. 

Let us know if you use a different scanner—we’re happy to explore support for your stack.

What’s Coming Next

This is just the beginning. We’re already working on enhancements like:

  • Header-based authentication for authenticated API scanning.
  • Advanced configuration options for rules, authentication, and scan behavior.

We’re committed to keeping DAST as easy to use as it is powerful—making it effortless for you to secure every stage of the software development lifecycle.

Ready to try Codacy DAST? If you're a Business tier customer, get in touch now to enable early access.

RELATED
BLOG POSTS

Is your code secure with Codacy?
If you have been in the development business, you are well aware of the fact that data breaches are a part of the development experience, and while...
Thousands of New SAST Rules Added With Semgrep Integration
If 2023 taught us anything, it’s that code quality and code security are inextricably linked. Their main commonality? They are both required upstream...
Fun Open-Source Tools to Check Out in 2025
We at Codacy are all about open-source tools.

Automate code
reviews on your commits and pull request

Group 13