Frequently Asked Questions (FAQs)
Can I run a DAST scan on the web applications hosted on the same local host?
Yes, but you need to specify the correct hostname or IP address of the web application, which a scanner Docker container or FortiPenTest can resolve. Do not use localhost or 127.0.0.1 in the URL as this does not work.
Do I require a FortiPentest license to run a DAST-FortiPentest scan?
Yes, you require FortiPenTest license to run a DAST-FortiPenTest scan from FortiDevSec. See Licensing.
Do I need to install a Docker engine in the host/machine to run a SAST/DAST scan?
Yes, since the FortiDevSec SAST and DAST scanners are docker images, you are required to install a Docker engine in that host/machine with the required user access/permission, to scan (automatic/manual) through the CI/CD pipeline. See Prerequisite.