Clearer mechanism to disable active scans #78
Comments
Hey @jayvdb, thanks for the feature suggestion! We are looking into it, and the next version should include a more user-friendly CLI. Also, we're planning on releasing v1.0 soon, and we're considering adding a config file to Cherrybomb that will allow you to change settings easily and even save them for future runs.
Being able to disable specific checks only on a specific schema or endpoint would be handy in order to whitelist existing parts of the OAS while preventing recurrences of the problem in new parts of the OAS. When designing the new config file, it may be helpful to support the https://github.com/stoplightio/spectral (TS) config format, which is also supported by https://github.com/daveshanley/vacuum (Go) and allows defining custom rules, e.g. https://github.com/co-cddo/api-standards-linting/blob/main/spectral-ruleset-govuk-public/ruleset.yaml
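As an added illustration of the per-endpoint whitelisting described in the comment above, here is a ruleset in the Spectral format that comment refers to. This is not Cherrybomb's own configuration (none existed at the time of this thread) and not code from the project or the commenter; the spec file name openapi.yaml, the rule name operation-must-declare-security and the grandfathered path /legacy/export are assumptions made for the example. The rule is defined once, then switched off only for the existing path, so it still fires when a new operation is added without a security requirement.

```yaml
# Added example in the Spectral ruleset format; not part of Cherrybomb.
# Assumed: the spec under test is ./openapi.yaml and /legacy/export is the
# existing endpoint that should be whitelisted.
extends:
  - "spectral:oas"          # start from Spectral's built-in OpenAPI rules

rules:
  operation-must-declare-security:
    description: Every operation must carry a security requirement object.
    message: "{{path}} has no security requirement"
    severity: error
    # JSONPath selecting every operation object under every path
    given: "$.paths[*][get,post,put,patch,delete]"
    then:
      field: security
      function: truthy

overrides:
  # Disable the rule for the one existing endpoint only. The JSON pointer after
  # '#' scopes the override to that path item; every other operation in the
  # file, including any added later, is still checked.
  - files:
      - "openapi.yaml#/paths/~1legacy~1export"
    rules:
      operation-must-declare-security: "off"
```

Run it with `spectral lint openapi.yaml --ruleset ruleset.yaml`; the `~1` sequences in the pointer are the JSON Pointer escape for `/` inside a path segment.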
Hey @jayvdb, when it is released, there will be the option to disable/enable specific checks using said configuration file :) Regarding adding support for the format you mentioned, it's not something we have planned right now, but we will consider it. Thanks!
Is your feature request related to a problem? Please describe.
I have a demo server provided by a vendor, and don't want to be performing active scans on it. The passive scans are still quite useful.
Describe the solution you'd like
A clear way to disable the active scans.
Describe alternatives you've considered
I tried
cherrybomb oas --active-scan-checks "" --file ..
but that replied with
I was able to get it to disable the active scans using
That isn't very intuitive.
If a simpler approach isn't possible, perhaps that sequence could be mentioned in the README or some docs, so that the tool doesn't default to active scanning unless the user is aware that will happen.