Traceable allows you to enable API security testing (AST) and replays for the available environments. This helps when you do not wish to run scans on specific environments or reduce costs by turning off replays. For example, if the production environment contains critical data, you can disable AST for that environment to prevent unintentional testing by other users. Once disabled, you cannot create suites or run scans on this environment. However, you can always view the history of scans executed on the environment from the Suites page under Testing → Security Testing.
Note
Only users with the Security admin role or corresponding permissions can modify the settings on this page. For information about different roles, see Team and roles - RBAC.
In the Traceable platform, click Testing → Settings → Environment Config to access the available environments and their control options. The following section explains the various components on this page, along with their description:
Environment Config
Environment — Lists all the environments available in your account. By default, 50 environments are listed on a page.
AST Status — Shows whether testing is enabled or disabled for the corresponding environment.
Replay Status — Shows whether XAST Replay is enabled or disabled for the corresponding environment.
Stored APIs — Displays the number of APIs with stored data in the selected environment, used for scans with XAST Replay traffic. Click the number to view the APIs and their latest traces.
Note
A blank cell represents that no data has been stored for the APIs in the corresponding environment.
By default, the Environment Config page lists 50 environments. You can click Next at the bottom of the page to view the other environments (if any). You can also change the number of environments visible on this page by clicking on the number in Show <Number> per page.
Actions
Traceable allows you to carry out multiple actions on the Environment Config page. These actions provide you with granular control over the environments in your application.
To carry out these actions, click Enabled/Disabled under the AST Status/Replay Status column corresponding to the respective Environment name. In the Configure AST pop-up window, perform the necessary action.
Environment Config Actions
Enable Security Testing
The Enable AST toggle in the pop-up window allows you to enable security testing for the environment. Once you click the toggle, Traceable allows you to create suites and quick scans for the environment. If you disable the toggle, you can only view scans that have been previously created.
Enable XAST Replay
The Enable Replay toggle in the pop-up window allows you to enable XAST replay for the environment. Once you click the toggle, Traceable allows you to select XAST Replay as the traffic type while creating a suite or quick scan for the environment. For more information on XAST Replay, see Understanding Suites and Traffic Types.
You can also choose to add conditions for running the replay scan on a subset of stored APIs. For more information, see Filter Traffic.
Note
Enabling this option, further, using XAST Replays in scans may result in additional costs at your end as XAST Replays are long-running tasks that require additional resources as compared to other traffic types.
View Stored APIs
If you selected XAST Replay as the traffic type while creating a suite or quick scan, Traceable uses these stored APIs to execute the scan. Click View APIs to see the list of stored APIs and their corresponding traces.
Filter Traffic
Traceable allows you to add conditions for running the replay scan on a subset of stored APIs. To do so, you can click Add Condition and:
Select the Location on which you wish to apply the filter.
Select and specify the parameters under Attribute Key.
Select and specify the parameters under Attribute Value.
Similarly, you can add multiple conditions to filter the stored APIs. However, the API traffic must fulfil all the conditions for Traceable to run scans on it.