Scan Policies

This add-on provides a set of Scan Policies tuned for different purposes.

These policies are initialised as described on their respective pages, but you can tune each of them as required.

  • Default Policy : the default policy, with all installed active rules enabled.
  • Developer CICD Policy : a policy intended for CI/CD use, restricted to rules that run quickly and target higher-risk issues.
  • Developer Standard Policy : a policy aimed at developers, meant to run fairly quickly while providing a broader set of results than the CICD policy (intended for use in a dev environment).
  • Developer Full Policy : a developer-focused policy that is a superset of the Developer Standard policy, with a greater variety of potential findings and only minimal environmental/server-related rules (intended for use in a dev environment).
  • QA Standard Policy : a quality-assurance-focused policy meant to run fairly quickly while providing a broader set of results than the developer policies (intended for use in a QA/staging environment).
  • QA Full Policy : a more comprehensive quality-assurance-focused policy that is a superset of the QA Standard policy, with a greater variety of potential findings and more environmental/server-related rules (intended for use in a QA/staging environment).
  • API Policy : a policy focused on issues likely to affect APIs rather than UIs.