-
New Feature
-
Resolution: Unresolved
-
Minor
List of authorized domains in admin config in order to restrict the target URL scope.
When ZAP on Jenkins is used as a service, the user should not be able to launch a scan against any target, and the target URL should comply with a set of regex rules that would be defined by the administrator in the plugin administration interface.
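As an added illustration of the requested check (this is not the plugin's own code; the allow-list entries, URLs and function names are constructed), the snippet below contrasts a naive substring match on the raw URL with an anchored match on the parsed origin, which is the form such an administrator rule needs to take to actually restrict scope:

```python
import re
from urllib.parse import urlsplit

# Constructed administrator allow-list (assumption: the admin stores a list of
# regexes). Each regex describes one permitted scheme://host[:port] origin.
ALLOWED_ORIGIN_PATTERNS = [
    r"https://[a-z0-9-]+\.staging\.example\.test(:\d+)?",
    r"http://localhost(:\d+)?",
]


def naive_target_allowed(target_url, patterns=ALLOWED_ORIGIN_PATTERNS):
    """Weak check: looks for the pattern anywhere in the raw URL string."""
    return any(re.search(p, target_url) for p in patterns)


def target_allowed(target_url, patterns=ALLOWED_ORIGIN_PATTERNS):
    """Stricter check: parse the URL and fullmatch only its origin."""
    try:
        parts = urlsplit(target_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    origin = f"{parts.scheme}://{parts.hostname}"  # hostname is lowercased
    if port is not None:
        origin += f":{port}"
    # fullmatch anchors the regex at both ends, so neither a longer host
    # ("app.staging.example.test.other.test") nor an allowed host that only
    # appears in another site's path or query string can satisfy the rule.
    return any(re.fullmatch(p, origin) for p in patterns)
```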
I don't understand what you mean; can you elaborate?
ZAP 2.5.X requires a starting point URL to be provided; this is from where the scan will originate, as described in the documentation and the help tip in the plugin itself. It is not possible to leave this field empty. Similarly, I am not sure how you would set this up in the UI either, since it's not an available functionality.
You can include regex already into the context for each specific build.
But I also don't understand why this should be in the administration interface as a global setting rather than on a per-job basis and specific to each application under test.