fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/

FoD: unhide and rename `dast-scan *-legacy` subcommands as `dast-scan *-classic` #563

Open MikeTheSnowman opened 1 month ago

MikeTheSnowman commented 1 month ago

Enhancement Request

Issue #452 had the original `fod dast-scan start` and `dast-scan get-config` commands hidden and renamed with a `-legacy` prefix in order to accommodate the new FoD DAST Automated assessment capability. I think we had some uncertainty at the time if the legacy web-app/api DAST assessment types would be sticking around (or possibly some other reason).

But it's looking like DAST Automated and the Legacy DAST Assessment capabilities will be living together for now because it appears that DAST Automated is now available and does indeed appear to be its own assessment type that can be used alongside the existing App/API DAST assessments.

With that said, I think we should consider doing the following:

  1. Make the `dast-scan start-legacy` and `dast-scan get-config-legacy` visible again
  2. Rename `dast-scan start-legacy` to `dast-scan start-classic`
  3. And rename `dast-scan get-config-legacy` to `dast-scan get-config-classic`

kadraman commented 1 month ago

Yes, I agree that the classic DAST will still be around. However, since it is not automated (it's basically just a form filling exercise) and the APIs (particularly the setup API) are incomplete, I'm not sure what value it would have in fcli. Happy to uncomment/change the names if we think it adds value?