Codacy Security Now Includes Dynamic Application Security Testing (DAST)
We're thrilled to announce that Codacy Security now includes Dynamic Application Security Testing (DAST) capabilities!
If you've been keeping track of our progress, Codacy Security's evolution began with Static Application Security Testing (SAST), secrets detection, dependency scanning, and Infrastructure as Code (IaC) scanning, allowing dev teams to quickly and thoroughly analyze code security from the inside.
We then added penetration testing capabilities, our first venture into analyzing your code from the outside. Now we've launched our DAST solution too.
Codacy's DAST capabilities are powered by an integration with ZAP, formerly OWASP ZAP, one of the most popular web app scanners in the world. You’ll be able to run ZAP in your CI/CD and see the scan results in Codacy.
Here's how it works: DAST in Codacy Security consists of an endpoint that accepts ZAP scan reports so that the user can aggregate all security issues in a single place.
The endpoint will mainly be used in CI/CD pipelines that are already automatically performing ZAP scans. But even if you are running the scans manually, you can easily upload the results yourself.
Check out this demo from our most recent Product Showcase to see DAST in action in Codacy Security.
And while DAST is certainly the most exciting addition to our platform, it's not the only one. Check out this Product Showcase recap for more detailed explanations of all the latest improvements and innovations we've recently introduced.