OpenAPI scan timeout configuration?

Maximilian Paju

Oct 1, 2025, 8:43:23 AM
to ZAP User Group
I have this API with an OpenAPI spec that I want to scan. 

I see that some of the endpoints are timing out. I expect those endpoints to take a long time to respond. Can I exclude them somehow, or increase the timeout?

Maximilian Paju

Oct 1, 2025, 9:32:05 AM
to ZAP User Group
I'm using the Automation Framework, with the current configuration:

env:
  contexts:
    - name: Default Context
      urls:
        - ${TARGET_URL}
      authentication:
        verification:
          method: response
          pollFrequency: 60
          pollUnits: requests
      sessionManagement:
        method: cookie
      technology: {}
      structure: {}
  parameters:
    failOnError: true
    progressToStdout: true

jobs:
  - type: openapi
    parameters:
      apiUrl: ${TARGET_OPEN_API_SPEC_URL}
      context: Default Context

  - type: report
    parameters:
      template: sarif-json
      theme: null
      reportDir: /zap/wrk/
      reportFile: sarif.json
      reportTitle: ZAP by Checkmarx Scanning Report
    risks:
      - info
      - low
      - medium
      - high
    confidences:
      - falsepositive
      - low
      - medium
      - high
      - confirmed


Simon Bennetts

Oct 3, 2025, 12:55:35 PM
to ZAP User Group
Try excluding the URLs you don't want accessed from the context.
e.g.

env:
  contexts:
    - name: Default Context
      urls:
        - ${TARGET_URL}
      excludePaths:
        - ${TARGET_URL}/not/this/url
        - ${TARGET_URL}/or/this/url

And let us know if that works for you :)

Cheers,

Simon
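
Added example, not part of the thread or of ZAP's own code: when a slow endpoint's OpenAPI path contains parameters such as {id}, this Python script turns the path templates into entries for the excludePaths list shown above. It assumes excludePaths entries are regular expressions matched against the whole URL; the sample paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: the "paths" object of an OpenAPI spec (not from the thread).
SAMPLE_PATHS = {
    "/health": {},
    "/reports/{reportId}/export": {},
    "/jobs/{jobId}/runs/{runId}/logs": {},
    "/v1.0/bulk-import": {},
}

_PARAM = re.compile(r"\{[^/{}]+\}")


def path_to_exclude_regex(template, base="${TARGET_URL}"):
    """Turn an OpenAPI path template into a regex for a context's excludePaths.

    Literal parts are escaped, each {param} becomes exactly one path segment,
    and an optional query string is allowed. `base` is left unescaped so the
    ${TARGET_URL} variable from the plan can be used as-is.
    """
    parts, pos = [], 0
    for m in _PARAM.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        parts.append("[^/]+")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return base + "".join(parts) + r"(\?.*)?"


def exclude_paths_yaml(paths, slow, indent=6):
    """Render an excludePaths block for the templates in `slow`.

    Raises KeyError if a template is not in the spec, so a typo does not
    silently leave a slow endpoint in scope.
    """
    missing = [p for p in slow if p not in paths]
    if missing:
        raise KeyError(f"not in spec: {missing}")
    pad = " " * indent
    lines = [pad + "excludePaths:"]
    for p in slow:
        rx = path_to_exclude_regex(p).replace("'", "''")  # YAML single-quote escape
        lines.append(f"{pad}  - '{rx}'")
    return "\n".join(lines)


if __name__ == "__main__":
    slow = ["/reports/{reportId}/export", "/jobs/{jobId}/runs/{runId}/logs"]
    print(exclude_paths_yaml(SAMPLE_PATHS, slow))
```

The printed block is indented to sit under the context entry, at the same level as urls in the configuration above.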