| CI/CD variable | Description |
|---|---|
| `SECURE_ANALYZERS_PREFIX` | Specify the Docker registry base address from which to download the analyzer. |
| `FUZZAPI_VERSION` | Specify API Fuzzing container version. Defaults to `5`. |
| `FUZZAPI_IMAGE_SUFFIX` | Specify a container image suffix. Defaults to none. |
| `FUZZAPI_API_PORT` | Specify the communication port number used by API Fuzzing engine. Defaults to `5500`. Introduced in GitLab 15.5. |
| `FUZZAPI_TARGET_URL` | Base URL of API testing target. |
| `FUZZAPI_TARGET_CHECK_SKIP` | Disable waiting for target to become available. Introduced in GitLab 17.1. |
| `FUZZAPI_TARGET_CHECK_STATUS_CODE` | Provide the expected status code for target availability check. If not provided, any non-500 status code is acceptable. Introduced in GitLab 17.1. |
| `FUZZAPI_PROFILE` | Configuration profile to use during testing. Defaults to `Quick-10`. |
| `FUZZAPI_EXCLUDE_PATHS` | Exclude API URL paths from testing. |
| `FUZZAPI_EXCLUDE_URLS` | Exclude API URL from testing. |
| `FUZZAPI_EXCLUDE_PARAMETER_ENV` | JSON string containing excluded parameters. |
| `FUZZAPI_EXCLUDE_PARAMETER_FILE` | Path to a JSON file containing excluded parameters. |
| `FUZZAPI_OPENAPI` | OpenAPI Specification file or URL. |
| `FUZZAPI_OPENAPI_RELAXED_VALIDATION` | Relax document validation. Default is disabled. |
| `FUZZAPI_OPENAPI_ALL_MEDIA_TYPES` | Use all supported media types instead of one when generating requests. Causes test duration to be longer. Default is disabled. |
| `FUZZAPI_OPENAPI_MEDIA_TYPES` | Colon (`:`) separated media types accepted for testing. Default is disabled. |
| `FUZZAPI_HAR` | HTTP Archive (HAR) file. |
| `FUZZAPI_GRAPHQL` | Path to GraphQL endpoint, for example `/api/graphql`. Introduced in GitLab 15.4. |
| `FUZZAPI_GRAPHQL_SCHEMA` | A URL or filename for a GraphQL schema in JSON format. Introduced in GitLab 15.4. |
| `FUZZAPI_POSTMAN_COLLECTION` | Postman Collection file. |
| `FUZZAPI_POSTMAN_COLLECTION_VARIABLES` | Path to a JSON file to extract Postman variable values. The support for comma-separated (`,`) files was introduced in GitLab 15.1. |
| `FUZZAPI_OVERRIDES_FILE` | Path to a JSON file containing overrides. |
| `FUZZAPI_OVERRIDES_ENV` | JSON string containing headers to override. |
| `FUZZAPI_OVERRIDES_CMD` | Overrides command. |
| `FUZZAPI_OVERRIDES_CMD_VERBOSE` | When set to any value, shows the overrides command output as part of the job output. |
| `FUZZAPI_PER_REQUEST_SCRIPT` | Full path and filename for a per-request script. See demo project for examples. Introduced in GitLab 17.2. |
| `FUZZAPI_PRE_SCRIPT` | Run user command or script before scan session starts. `sudo` must be used for privileged operations like installing packages. |
| `FUZZAPI_POST_SCRIPT` | Run user command or script after scan session has finished. `sudo` must be used for privileged operations like installing packages. |
| `FUZZAPI_OVERRIDES_INTERVAL` | How often to run overrides command in seconds. Defaults to `0` (once). |
| `FUZZAPI_HTTP_USERNAME` | Username for HTTP authentication. |
| `FUZZAPI_HTTP_PASSWORD` | Password for HTTP authentication. |
| `FUZZAPI_HTTP_PASSWORD_BASE64` | Password for HTTP authentication, Base64-encoded. Introduced in GitLab 15.4. |
| `FUZZAPI_SUCCESS_STATUS_CODES` | Specify a comma-separated (`,`) list of HTTP success status codes that determine whether an API Fuzzing scanning job has passed. Introduced in GitLab 17.1. Example: `'200, 201, 204'` |
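Several of the variables above carry a value format (integers, comma- or colon-separated lists, JSON strings, Base64). The following pre-flight check is an added example, not GitLab's own code: it applies the stated defaults and flags malformed values before a job runs. The names `lint_fuzzapi_vars`, `CHECKS` and `SAMPLE` are hypothetical, and the sample values are constructed.

```python
import base64
import json

# Defaults as stated in the variable table above.
DEFAULTS = {"FUZZAPI_VERSION": "5", "FUZZAPI_API_PORT": "5500",
            "FUZZAPI_PROFILE": "Quick-10", "FUZZAPI_OVERRIDES_INTERVAL": "0"}

def _int_in(value, low, high):
    number = int(value)  # ValueError on non-numeric text
    if not low <= number <= high:
        raise ValueError(f"{number} is outside {low}..{high}")

def _status_codes(value):
    for part in value.split(","):  # comma-separated, e.g. '200, 201, 204'
        _int_in(part.strip(), 100, 599)

def _media_types(value):
    for part in value.split(":"):  # colon-separated type/subtype entries
        if part.count("/") != 1:
            raise ValueError(f"{part!r} is not type/subtype")

# One format check per variable whose format the table spells out.
CHECKS = {
    "FUZZAPI_API_PORT": lambda v: _int_in(v, 1, 65535),
    "FUZZAPI_OVERRIDES_INTERVAL": lambda v: _int_in(v, 0, float("inf")),
    "FUZZAPI_SUCCESS_STATUS_CODES": _status_codes,
    "FUZZAPI_OPENAPI_MEDIA_TYPES": _media_types,
    "FUZZAPI_EXCLUDE_PARAMETER_ENV": json.loads,
    "FUZZAPI_OVERRIDES_ENV": json.loads,
    "FUZZAPI_HTTP_PASSWORD_BASE64": lambda v: base64.b64decode(v, validate=True),
}

def lint_fuzzapi_vars(env):
    """Return (effective FUZZAPI_* settings, sorted list of format problems)."""
    cfg = dict(DEFAULTS)
    cfg.update({k: v for k, v in env.items() if k.startswith("FUZZAPI_")})
    problems = []
    for name, check in CHECKS.items():
        if name in cfg:
            try:
                check(cfg[name])
            except ValueError as exc:  # JSON and Base64 errors subclass ValueError
                problems.append(f"{name}: {exc}")
    return cfg, sorted(problems)

# Constructed sample job variables (not from a real project).
SAMPLE = {"FUZZAPI_TARGET_URL": "http://test-deployment/",
          "FUZZAPI_API_PORT": "fifty-five",
          "FUZZAPI_SUCCESS_STATUS_CODES": "200, 201, 2O4",
          "FUZZAPI_OPENAPI_MEDIA_TYPES": "application/json:application/xml",
          "FUZZAPI_OVERRIDES_ENV": '{"headers": {"X-Example": "1"}',
          "FUZZAPI_HTTP_PASSWORD_BASE64": "cGFzc3dvcmQ="}
```

Calling `lint_fuzzapi_vars(dict(os.environ))` in a job's script step runs the same checks against the real job environment.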