RapiDAST enables simple, continuous and fully automated application security testing

RedHatProductSecurity/rapidast

RapiDAST

RapiDAST (Rapid DAST) is an open-source security testing tool that automates DAST (Dynamic Application Security Testing) and streamlines the integration of security testing into development workflows. It is designed to help developers and QA engineers rapidly and effectively identify low-hanging security vulnerabilities in their applications, ideally from within CI/CD pipelines. RapiDAST is aimed at organizations implementing DevSecOps with a shift-left approach.

RapiDAST provides:

  • Automated HTTP/API security scanning leveraging ZAP
  • Automated LLM/AI scanning leveraging Garak
  • Kubernetes operator scanning leveraging OOBTKUBE
  • Automated vulnerability scanning using Nessus (requires a Nessus instance)
  • Command-line execution with YAML configuration, suitable for integration into CI/CD pipelines
  • Ability to run automated DAST scanning with pre-built or custom container images
  • HTML, JSON and XML report generation
  • Integration with Google Cloud Storage and OWASP DefectDojo

RapiDAST is intended for testing purposes and should not be run against production systems.

See User Guide
See Developer Guide

Contributing

Contribution to the project is more than welcome.

See CONTRIBUTING.md