/gaia-test-dast

user-facing
Category: Testing
Lifecycle phase: Anytime
Arguments: [story-key] [--adapter owasp-zap] [--target-url URL] [--profile baseline or full or api]

What it does

Executes post-deploy dynamic application security tests via the OWASP ZAP adapter. Scans a live endpoint for security vulnerabilities and applies LLM judgment to triage findings by project risk profile.

When to use it

  • You need to run dynamic security testing against a deployed application.

Prerequisites

  • OWASP ZAP must be installed on the system.

How to invoke

/gaia-test-dast E3-S7
/gaia-test-dast --adapter zap
/gaia-test-dast --target-url https://staging.example.com
/gaia-test-dast --profile baseline
/gaia-test-dast E3-S7 --adapter zap --target-url https://staging.example.com --profile full

What it does step by step

See the description above for the high-level flow. The command handles all steps automatically.

Inputs

| Input | Source | Description | Example |
|---|---|---|---|
| story-key | Positional argument (optional) | Links the run to a story's Review Gate. | /gaia-test-dast E3-S7 |
| --adapter | Argument (optional) | Override the configured DAST adapter. | /gaia-test-dast --adapter zap |
| --target-url | Argument (optional) | Override the target URL to scan. | /gaia-test-dast --target-url https://staging.example.com |
| --profile | Argument (optional) | Scan profile: baseline, full, or api. | /gaia-test-dast --profile baseline |

Outputs

Structured verdict with security findings ranked by severity.
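
The following is an added example, not the command's own code or verdict format: one way alerts in an OWASP ZAP JSON report can be ranked by severity before triage. The sample report is constructed, and `rank_findings`, `verdict` and the `fail_at` threshold are hypothetical names chosen for illustration.

```python
import json

# riskcode values used in ZAP's traditional JSON report.
RISK = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}

# Constructed sample report, trimmed to the fields read below.
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "https://staging.example.com",
    "alerts": [
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "confidence": "2", "count": "4"},
        {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
         "riskcode": "3", "confidence": "2", "count": "1"},
        {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
         "riskcode": "2", "confidence": "3", "count": "7"},
        {"pluginid": "10027", "alert": "Information Disclosure - Suspicious Comments",
         "riskcode": "0", "confidence": "1", "count": "2"},
        # confidence 0 means the alert was marked as a false positive
        {"pluginid": "40018", "alert": "SQL Injection",
         "riskcode": "3", "confidence": "0", "count": "1"},
    ]}]})

def rank_findings(report_json, min_confidence=1):
    """Flatten alerts across sites; sort by risk, then confidence, then count."""
    sites = json.loads(report_json).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site given as an object
        sites = [sites]
    findings = []
    for site in sites:
        for alert in site.get("alerts", []):
            confidence = int(alert.get("confidence", 0))
            if confidence < min_confidence:
                continue  # drop false positives instead of ranking them
            risk = int(alert.get("riskcode", 0))
            findings.append({"site": site.get("@name", ""), "name": alert.get("alert", ""),
                             "risk": risk, "severity": RISK.get(risk, "Informational"),
                             "confidence": confidence,
                             "instances": int(alert.get("count", 0))})
    findings.sort(key=lambda f: (-f["risk"], -f["confidence"], -f["instances"], f["name"]))
    return findings

def verdict(findings, fail_at=2):
    """Hypothetical gate: FAIL if any finding is at or above fail_at (2 = Medium)."""
    worst = max((f["risk"] for f in findings), default=0)
    return {"status": "FAIL" if worst >= fail_at else "PASS",
            "worst": RISK[worst], "total": len(findings)}

if __name__ == "__main__":
    print(verdict(rank_findings(SAMPLE_REPORT)), *rank_findings(SAMPLE_REPORT), sep="\n")
```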

Example session

> /gaia-test-dast --target-url https://staging.example.com

Running...
(Command output varies by project and configuration.)

What to run next

Follow the suggestions displayed at the end of the command output.

Troubleshooting

Check that prerequisite files and tools are in place. The command provides specific error messages with guidance when something is missing.