DAST scanner

Last updated: Mar 24, 2026

General configuration file keys

Here is an overview of the general configuration file keys. Remember that this applies to all of Fluid Attacks' scanners.

namespace:
myappoutput:
  file_path: ./Fluid-Attacks-Results.csv
  format: CSV
working_dir: .
language: EN

Specific configuration file keys

The following keys are available only for the DAST scanner:

http_checks

A boolean that indicates if you want to enable HTTP checks for the URLs (defaults to true).

ssl_checks

A boolean that indicates if you want to enable SSL checks for the URLs (defaults to true).

For example, to enable only HTTP checks for the scan:

urls:
  - https://my-app.com
  - http://localhost
http_checks: true
ssl_checks: false

Configuration file example

Below is an example of a highly personalized configuration file:

namespace: my_app
working_dir: ./
commit: e59607b9de3ef4c13d292705fg3da1ff0c67eb38
language: EN
output:
  file_path: /fluid-attacks-results.csv
  format: CSV
checks:
  - F043
strict: true
urls:
  - https://www.my_app.com
ssl_checks: false

Have a question about the scanner or encountered a problem? Read "Scanner FAQ".

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.