SECURE_ANALYZERS_PREFIX
| Specify the Docker registry base address from which to download the analyzer.
|
FUZZAPI_VERSION
| Specify API Fuzzing container version. Defaults to 3 .
|
FUZZAPI_IMAGE_SUFFIX
| Specify a container image suffix. Defaults to none.
|
FUZZAPI_API_PORT
| Specify the communication port number used by API Fuzzing engine. Defaults to 5500 . Introduced in GitLab 15.5.
|
FUZZAPI_TARGET_URL
| Base URL of API testing target.
|
FUZZAPI_PROFILE
| Configuration profile to use during testing. Defaults to Quick-10 .
|
FUZZAPI_EXCLUDE_PATHS
| Exclude API URL paths from testing.
|
FUZZAPI_EXCLUDE_URLS
| Exclude API URL from testing.
|
FUZZAPI_EXCLUDE_PARAMETER_ENV
| JSON string containing excluded parameters.
|
FUZZAPI_EXCLUDE_PARAMETER_FILE
| Path to a JSON file containing excluded parameters.
|
FUZZAPI_OPENAPI
| OpenAPI Specification file or URL.
|
FUZZAPI_OPENAPI_RELAXED_VALIDATION
| Relax document validation. Default is disabled.
|
FUZZAPI_OPENAPI_ALL_MEDIA_TYPES
| Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled.
|
FUZZAPI_OPENAPI_MEDIA_TYPES
| Colon (: ) separated media types accepted for testing. Default is disabled.
|
FUZZAPI_HAR
| HTTP Archive (HAR) file.
|
FUZZAPI_GRAPHQL
| Path to GraphQL endpoint, for example /api/graphql . Introduced in GitLab 15.4.
|
FUZZAPI_GRAPHQL_SCHEMA
| A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4.
|
FUZZAPI_POSTMAN_COLLECTION
| Postman Collection file.
|
FUZZAPI_POSTMAN_COLLECTION_VARIABLES
| Path to a JSON file to extract Postman variable values. The support for comma-separated (, ) files was introduced in GitLab 15.1.
|
FUZZAPI_OVERRIDES_FILE
| Path to a JSON file containing overrides.
|
FUZZAPI_OVERRIDES_ENV
| JSON string containing headers to override.
|
FUZZAPI_OVERRIDES_CMD
| Overrides command.
|
FUZZAPI_OVERRIDES_CMD_VERBOSE
| When set to any value. It shows overrides command output as part of the job output.
|
FUZZAPI_PRE_SCRIPT
| Run user command or script before scan session starts.
|
FUZZAPI_POST_SCRIPT
| Run user command or script after scan session has finished.
|
FUZZAPI_OVERRIDES_INTERVAL
| How often to run overrides command in seconds. Defaults to 0 (once).
|
FUZZAPI_HTTP_USERNAME
| Username for HTTP authentication.
|
FUZZAPI_HTTP_PASSWORD
| Password for HTTP authentication.
|
FUZZAPI_HTTP_PASSWORD_BASE64
| Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4.
|