DAST scanner

Last updated: May 11, 2026

General configuration file keys

Here is an overview of the general configuration file keys. Remember that this applies to all of Fluid Attacks' scanners.

namespace: myapp
output:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN

Specific configuration file keys

The following keys are available only for the DAST scanner, nested under the dast key:

strict_connectivity

When set to true, the scanner exits with a non-zero status code if any configured endpoint could not be reached during the scan. Defaults to false.

dast:
  strict_connectivity: true

urls

A list of URLs to analyze. Each entry requires a url field and accepts an optional environment_id field:

dast:
  urls:
    - url: https://my-app.com
    - url: http://localhost
      environment_id: my-environment

Configuration file example

Below is an example of a highly personalized configuration file:

namespace: my_app
working_dir: ./
commit: e59607b9de3ef4c13d292705fg3da1ff0c67eb38
language: EN
output:
  file_path: /fluid-attacks-results.csv
  format: CSV
checks:
  - F043
strict: true
dast:
  strict_connectivity: true
  urls:
    - url: https://www.my_app.com

Have a question about the scanner or encountered a problem? Read "Scanner FAQ".

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.