Codacy Security Now Includes Dynamic Application Security Testing (DAST)

In this article:
Subscribe to our blog:

We're thrilled to announce that Codacy Security now includes Dynamic Application Security Testing (DAST) capabilities!

If you've been keeping track of our progress, Codacy Security's evolution began with Static Application Security Testing (SAST), secrets detection, dependency scanning, and Infrastructure as Code (IaC) scanning, allowing dev teams to quickly and thoroughly analyze code security from the inside. 

We then added penetration testing capabilities, our first venture into analyzing your code from the outside as well. We've now launched our DAST solution as well.

Codacy's DAST capabilities are powered by an integration with ZAP, formerly OWASP ZAP, one of the most popular web app scanners in the world. You’ll be able to run ZAP in your CI/CD and see the scan results in Codacy. 

Here's how it works: DAST in Codacy Security consists of an endpoint that accepts ZAP scan reports so that the user can aggregate all security issues in a single place.

The endpoint will mainly be used in CI/CD pipelines that are already automatically performing ZAP scans. But even if you are running the scans manually, you can easily upload the results yourself.

Check out this demo from our most recent Product Showcase to see DAST in action in Codacy Security:

 

And while DAST is certainly the most exciting addition to our platform, it's not the only one. Check out this Product Showcase recap for more detailed explanations of all the latest improvements and innovations we've recently introduced. 

RELATED
BLOG POSTS

Now Available. Centralized view of security issues & risk within Codacy
Codacy is empowering engineering teams to bring their security auditing process to the surface.
Codacy Security Adds Thousands of New SAST Rules With Semgrep Integration
If 2023 taught us anything, it’s that code quality and code security are inextricably linked. Their main commonality? They are both required upstream...
Filtering Security Issues By Category in Codacy Security
While constantly adding new ways to check your code for security issues is incredibly important to us, being able to present that data to you...

Automate code
reviews on your commits and pull request

Group 13