Open kadraman opened 4 months ago
Not too familiar with DAST scanning; would this likely be a new scan request with exact same target and parameters, or could this be a completely different scan request? If the latter, there's not much that we can do, other than possibly improving the error message and filing an FoD enhancement request to support queuing for DAST scans.
If it's likely the exact same scan request, and FoD API allows for identifying that a scan is already running, and FoD can return similar properties as when starting a new scan, we could potentially (maybe optionally) have this command return a regular scan record with status like 'ALREADY_RUNNING'. The pipeline could then wait for completion of the existing scan; as long as it's the same target and scan parameters, it may not matter much whether that scan was already started before.
Alternatively, again if FoD provides the necessary endpoints, we could provide an option to cancel the existing scan before trying to start a new scan.
Maybe we could just add a single fcli option like --if-scan-running=cancel-existing|continue-with-existing|error (we'll likely want to think about better/shorter option and value names), if we can implement all of these based on existing FoD endpoints? Or maybe something like --existing-scan=cancel|reuse and if this option is not specified, throw an error if a scan is already running.
Current Behavior
The DAST Automated API does not handle queueing of scan requests, so if a DAST scan is requested whilst one is running, the following error is produced:
Expected Behavior
We can either fail gracefully by detecting this error or wait until the scan can be started.
However, it would be better if the DAST Automated endpoints supported queueing like the DAST ones.
Steps To Reproduce
No response
Environment
No response
Anything else?
No response