docs: rewrite user docs, fix modal scroll, webhook URL, and sccache

Rewrite all public documentation to be user-facing only: - Remove deployment, configuration, and self-hosting sections - Add guide pages for SBOM, issues, webhooks & PR reviews - Add reference pages for glossary and tools/scanners - Add 12 screenshots from live dashboard - Explain MCP, LLM triage, false positives, human-in-the-loop Fix edit repository modal not scrollable (max-height + overflow-y). Show full webhook URL using window.location.origin instead of path. Unset RUSTC_WRAPPER in agent cargo commands to avoid sccache errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 14:17:46 +01:00
parent 689daa0f49
commit c253e4ef5e
40 changed files with 872 additions and 1334 deletions
--- a/docs/features/dast.md
+++ b/docs/features/dast.md
@@ -1,10 +1,14 @@
 # DAST Scanning

-DAST (Dynamic Application Security Testing) performs black-box security testing against live web applications and APIs. Unlike SAST which analyzes source code, DAST tests running applications by sending crafted requests and analyzing responses.
+DAST (Dynamic Application Security Testing) performs black-box security testing against live web applications and APIs. Unlike SAST which analyzes source code, DAST tests running applications by sending crafted requests and analyzing responses for vulnerabilities.

 ## DAST Overview

-Navigate to **DAST** in the sidebar to see the overview page with:
+Navigate to **DAST** in the sidebar to see the overview page.
+
+![DAST overview with scan runs and finding counts](/screenshots/dast-overview.png)
+
+The overview shows:

 - Total DAST scans performed
 - Total DAST findings discovered
@@ -21,29 +25,29 @@ Navigate to **DAST > Targets** to configure applications to test.
 2. Enter the **base URL** (e.g. `https://staging.example.com`)
 3. Click **Add Target**

-### Target Configuration
+### Target Settings

 Each target supports these settings:

-| Setting | Description | Default |
-|---------|-------------|---------|
-| **Target Type** | WebApp, REST API, or GraphQL | WebApp |
-| **Max Crawl Depth** | How many link levels to follow | 5 |
-| **Rate Limit** | Maximum requests per second | 10 |
-| **Destructive Tests** | Allow DELETE/PUT requests | No |
-| **Excluded Paths** | URL paths to skip during testing | — |
+| Setting | Description |
+|---------|-------------|
+| **Target Type** | WebApp, REST API, or GraphQL |
+| **Max Crawl Depth** | How many link levels to follow |
+| **Rate Limit** | Maximum requests per second |
+| **Destructive Tests** | Allow DELETE/PUT requests |
+| **Excluded Paths** | URL paths to skip during testing |

 ### Authentication

-DAST supports authenticated scanning with multiple methods:
+DAST supports authenticated scanning so it can test pages behind login:

-| Method | Configuration |
-|--------|--------------|
+| Method | Description |
+|--------|------------|
 | **None** | No authentication |
-| **Basic** | Username and password (HTTP Basic Auth) |
-| **Bearer** | Bearer token (Authorization header) |
+| **Basic** | HTTP Basic Auth with username and password |
+| **Bearer** | Bearer token in the Authorization header |
 | **Cookie** | Session cookie value |
-| **Form** | Login URL, username field, password field, and credentials |
+| **Form** | Login form with URL, field names, and credentials |

 ::: warning
 Authenticated scans access more of the application surface. Only test applications you own or have explicit authorization to test.
@@ -51,37 +55,15 @@ Authenticated scans access more of the application surface. Only test applicatio

 ## Running a DAST Scan

-Click the **Scan** button on any target row. The scan runs through these phases:
+Click the **Scan** button on any target row. The scan progresses through:

-1. **Crawl** — Discovers pages, forms, and API endpoints by following links and analyzing JavaScript
-2. **Test** — Sends attack payloads to discovered parameters
-3. **Report** — Collects results and generates findings
+1. **Crawl** -- discovers pages, forms, and API endpoints by following links and analyzing JavaScript
+2. **Test** -- sends attack payloads to discovered parameters
+3. **Report** -- collects results and generates findings

-The scan uses a headless Chromium browser (the `chromium` service in Docker Compose) for JavaScript rendering during crawling.
+## Viewing DAST Findings

-## DAST Scan Agents
-
-The scanner includes specialized testing agents:
-
-### API Fuzzer
-Tests API endpoints with malformed inputs, boundary values, and injection payloads.
-
-### XSS Scanner
-Detects Cross-Site Scripting vulnerabilities by injecting script payloads into form fields, URL parameters, and headers.
-
-### SSRF Scanner
-Tests for Server-Side Request Forgery by injecting internal URLs and cloud metadata endpoints into parameters.
-
-### Auth Bypass Scanner
-Tests for authentication and authorization bypass by manipulating tokens, sessions, and access control headers.
-
-## DAST Findings
-
-Navigate to **DAST > Findings** to see all discovered vulnerabilities.
-
-### Finding List
-
-Each finding shows:
+Navigate to **DAST > Findings** to see all discovered vulnerabilities. Each finding shows:

 | Column | Description |
 |--------|-------------|
@@ -92,21 +74,8 @@ Each finding shows:
 | Method | HTTP method (GET, POST, PUT, DELETE) |
 | Exploitable | Whether the vulnerability was confirmed exploitable |

-### Finding Detail
-
-Click a finding to see full details:
-
- **Vulnerability type** and CWE identifier
- **Endpoint URL** and HTTP method
- **Parameter** that is vulnerable
- **Exploitability** — Confirmed or Unconfirmed
- **Description** — What the vulnerability is and why it matters
- **Remediation** — How to fix the issue
- **Evidence** — One or more request/response pairs showing:
-  - The crafted HTTP request (method, URL, headers)
-  - The payload that triggered the vulnerability
-  - The HTTP response status and relevant snippet
+Click a finding to see full details including the CWE identifier, vulnerable parameter, remediation guidance, and evidence showing the exact request/response pairs that triggered the finding.

 ::: tip
-Findings marked as **Confirmed** exploitable were verified by the scanner with a successful attack. **Unconfirmed** findings show suspicious behavior that may indicate a vulnerability but could not be fully exploited.
+Findings marked as **Confirmed** exploitable were verified with a successful attack payload. **Unconfirmed** findings show suspicious behavior that may indicate a vulnerability but could not be fully exploited.
 :::