In addition to configuring the settings for the whole Dynamic Analysis, you can also configure the scan of each URL contained by the Dynamic Analysis.
On the Edit Configuration page, provide detailed information about the URL scan.
- Enter a starting URL for your scan, including any custom ports.
Select the checkbox if you want to include both the http:// and https:// address in the scan.
The scan starts at this page and then searches the entire website. Choose a URL that enables the scan to crawl all the pages on the site and adhere to these rules:
- You must precede URLs with http:// or https://.
- You must end directory names with a slash (/).
- Acceptable formats are full hostname (http://www.example.com/) or hostname and directory (http://example.com/dir/).
- Do not use wildcards in the target URL.
- You are not allowed to use wildcards in the Allowlist and Exclude URLs fields to include or exclude multiple pages or portions of a site all at one time.
- You can specify a page as a target URL, for example, http://www.example.com/dir/somepage
- Directory Restrictions
- Select the dropdown menu to choose how to restrict the scan of the directories at the URL:
- Directory and Subdirectories
- Allow the scan to crawl within the specified directory and any subdirectories, but not to crawl up from the starting point.
- Directory Only
- Allow the scan to stay within the specified directory and not crawl up or down from it.
- No Restrictions
- Allow the scan to crawl up and down from the specified directory.
- Blocklist URL Exclusions
- Exclude URLs that you do not want the Dynamic Analysis to scan. You can also change the scope of the blocklist by excluding the HTTP or HTTPS versions.
- Add to Allowlist
- By default, the Dynamic Analysis scan engine scans all subdirectories under the top-level domain. Because Veracode does not automatically scan the subdomains, you can include them in the scope of the scan by specifying them in the Allowlist tab. You can also change the scope of the URL scan by excluding the HTTP or HTTPS versions.
- Specify the Login Method
- Choose automatic login, basic authentication, or form-based login.
- Configure Internal Scanning
- If the URL is behind a firewall, select a reachable gateway and endpoint for the URL.
- Add User Agent Information
- Enter customized details of your browser to ensure the scan crawls for known vulnerabilities for that specific browser and returns information specific to the respective environment.
- Specify Custom Host to IP Resolutions
- If you do not want Veracode to perform a DNS lookup to obtain the IP address for the target host of your scan or if your target host does not have a DNS entry, you can enter one or more custom host-to-IP resolutions. Wildcards, slashes, or filepaths are not permitted. Private or internal IP addresses are only allowed if you have selected a gateway and endpoint in the Internal Scanning section.
Edit a URL Configuration
You can edit a URL configuration at any time by clicking the edit icon at the end of the URL row.
Delete a URL Configuration
If the Dynamic Analysis has not yet started, you can delete a URL configuration by clicking the delete icon at the end of the URL row.