diff --git a/docs/codacy-api/examples/triggering-dast-scans.md b/docs/codacy-api/examples/triggering-dast-scans.md index 3844f87481..3385a37507 100644 --- a/docs/codacy-api/examples/triggering-dast-scans.md +++ b/docs/codacy-api/examples/triggering-dast-scans.md @@ -83,4 +83,11 @@ Replace the placeholders with your own values: - **ORGANIZATION:** Name of the organization on the Git provider. For example, `codacy`. You must have admin permissions over the organization on the Git provider. - **DAST_TARGET_ID:** Identifier of a DAST target to analyze (obtained in the [previous section](./triggering-dast-scans.md#creating-targets). For example, `457`. You must have admin permissions over the organization on the Git provider. -Scans occur asynchronously. To monitor an ongoing scan you can use the [target management page in Codacy](../../organizations/managing-security-and-risk.md#app-scanning). Once completed, you can access all scan results by navigating to the **Security dashboard**, selecting the **Findings tab** and filtering by **Scan types > DAST/App scanning**. \ No newline at end of file +Scans occur asynchronously. To monitor an ongoing scan you can use the [target management page in Codacy](../../organizations/managing-security-and-risk.md#app-scanning). Once completed, you can access all scan results by navigating to the **Security dashboard**, selecting the **Findings tab** and filtering by **Scan types > DAST/App scanning**, or by clicking on a configured target to expand all of that target's results. +Additionaly, you can use the `SearchSRMItems` endpoint to filter findings by their DAST target URL with the following request: +```bash +curl -X POST https://app.codacy.com/api/v3/organizations/gh/codacy/security/items/search \ + -H "Accept: application/json" \ + -H "api-token: {API_KEY}" \ + -d '{"statuses":["OnTrack","Overdue","DueSoon"],"dastTargetUrls":["example.com]}' +``` 
diff --git a/docs/organizations/images/security-risk-management-app-scanning-see-results.png b/docs/organizations/images/security-risk-management-app-scanning-see-results.png new file mode 100644 index 0000000000..20f6b5382a Binary files /dev/null and b/docs/organizations/images/security-risk-management-app-scanning-see-results.png differ diff --git a/docs/organizations/managing-security-and-risk.md b/docs/organizations/managing-security-and-risk.md index acb2e1abd5..d9834b3499 100644 --- a/docs/organizations/managing-security-and-risk.md +++ b/docs/organizations/managing-security-and-risk.md @@ -643,4 +643,11 @@ Once a scan completes, results will be available under the **Findings** tab. Use !!! note Currently, DAST findings are only visible to admin and organization admin roles. +### Findings results for your DAST scans + +As previously mentioned, once a scan completes, results will be available under the **Findings** tab. Use the **Scan types > DAST/App scanning** filter to view relevant findings. +Additionaly, you can click on a configured target to expand all of that target's results. + +![DAST target results](images/security-risk-management-app-scanning-see-results.png) + Follow our [roadmap](https://roadmap.codacy.com) for updates on this feature.
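Review bot: In the `triggering-dast-scans.md` hunk, the JSON passed to `-d` in the added curl example is malformed: `"dastTargetUrls":["example.com]` is missing the closing quote after `example.com`, so the body will not parse as JSON. It should read `"dastTargetUrls":["example.com"]`. The command also sets no `Content-Type` header, and curl sends `-d` data as `application/x-www-form-urlencoded` by default, so add `-H "Content-Type: application/json"`. The URL hardcodes `gh/codacy` and the token is written as `{API_KEY}`, while the placeholder list shown in this hunk covers only ORGANIZATION and DAST_TARGET_ID. Either reuse the page's placeholder convention or say what to substitute. "Additionaly" should be "Additionally". A blank line before that sentence and before the opening fence would stop the new text rendering as part of the previous paragraph.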
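Review bot: In the `managing-security-and-risk.md` hunk, the first sentence of the new "Findings results for your DAST scans" section ("As previously mentioned, once a scan completes, results will be available under the **Findings** tab...") duplicates the paragraph that the context lines show immediately above the note. I would drop the repeated sentence and keep only what is new: the sentence about clicking a configured target to expand its results, plus the screenshot. That could sit in the existing paragraph rather than under a separate heading. If the heading stays, "Findings results" is redundant and could be shortened to something like "Viewing results for a DAST target". "Additionaly" should be "Additionally". Since the note just above says DAST findings are visible only to admin and organization admin roles, it would also help to state whether the per-target expansion is subject to the same restriction.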