API Conformance Scan settings
When you create a scan configuration for running Conformance Scan, there are various settings that you can choose to configure. Configuring these settings is entirely optional and not needed in most cases, the default settings that Conformance Scan uses are usually enough. However, for more advanced use, the settings let you tweak some aspects of the scan, such as memory limits.
We have introduced a new version of Conformance Scan, referred to as Scan v2. For backward compatibility and to avoid the adoption of the new version disrupting your day-to-day work, we have retained the previous version, Scan v1. Both versions of Conformance Scan share the same core features and operation, but the new Scan v2 offers additional features and more flexibility. Where applicable, the difference between the versions has been clearly indicated in this documentation.
You can run Scan v1 in 42Crunch Platform or on premises as a Docker image. Scan v2 is currently available as Docker image for on-premises scan, or in v1-compatibility mode for running in 42Crunch Platform.
Here you can find the full list of settings that you can configure for Conformance Scan and how they affect the scan operation. The settings have been grouped according to the scan version (do they apply to Scan v1 or Scan v2) or where the scan is run (on premises).
The property names given in parentheses after the setting name indicate how the setting is called in the Scan v2 scan configuration file.
Settings for all scan types
The following settings are applicable to both Scan v1 and Scan v2, both when run in 42Crunch Platform or on premises.
Setting | Description | Default value |
---|---|---|
Log level (logLevel ) |
The lowest severity level of log messages included in the scan logs. The possible values are, from most verbose to the least, Only Normally, the log level is set in the scan configuration, but when running the scan on premises, you can set it in your Docker command, for example, to simply check how different levels affect the logs. What you need to add to your Docker command depends on which scan version you are using:
If you set the log level to |
error
|
Maximum scan duration (maxScanDuration ) |
How long the scan runs in total (in seconds) before it stops, even if the whole API was not yet scanned. This limit ensures that the scan process will not run indefinitely even if there was an unexpected error causing a loop in the process. | 3600
|
Flow rate (requestFlowrate )
|
How long the scan waits (in milliseconds) before it sends the next request to the API. This setting defines the constant flow rate that the scan uses. | 100
|
Follow redirects (responseFollowRedirection ) |
Define if the scan follows redirects (
|
false |
Settings for all on-premises scans
The following settings are applicable to both Scan v1 and Scan v2 when run on premises.
Setting | Description | Default value |
---|---|---|
Max consumed memory (memoryLimit ) |
How much memory (in bytes) you allow the scan process to consume. The scan stops when it reaches this value. This limit ensures that the scan process does not consume more memory than what you have available. To switch this limit off, set the value to 0 . |
2147483648
|
Memory check interval (memoryTimeSpan ) |
How often (in seconds) the current memory consumption of the scan process is assessed. | 30 for
Scan v1, 10 for
Scan v2 |
Include only issues in the report (reportIssuesOnly ) |
This setting determines what Conformance Scan includes in the scan report:
In Scan v1, you can control this with a flag in your Docker command, see Change the scan report scope. |
false
|
Max report size (reportMaxSize ) |
The maximum scan report size (in bytes). The scan stops when the size limit is reached. In Scan v1, you can control this with a flag in your Docker command, see Change the scan report size limit. If you run Conformance Scan in 42Crunch Platform, you cannot change maximum scan report size. However, when running the scan on premises, you can increase the maximum report size up to 128 MB. Large scan reports can take a long time to load in your browser. Depending on your browser memory limits and your device, if your scan report size exceeds 20 MB, you may not be able to view the scan report correctly on the platform UI. However, larger reports can be viewed in IDE. For more details on running Conformance Scan in IDE, see IDE integration. |
20971520
|
Timeout (requestTimeout ) |
The maximum time (in seconds) that the scan waits for a response from the API. We do not recommend setting the timeout value to In Scan v1, you can control this with a flag in your Docker command, see Specify longer timeout for the on-premises scan. |
30
|
Settings for Scan v2
The following settings are only applicable to the scan configuration for Scan v2.
Setting | Description | Default value |
---|---|---|
API connectivity check (apiConnectivityCheck ) |
The setting controls that Conformance Scan checks connectivity to API when running the scan. If connectivity is lost, the scan stops. If you set log level to This setting is only supported in the Scan v2 Docker image |
true
|
Happy path only (happyPathOnly ) |
This setting controls which requests are included in the scan. By default, Conformance Scan first sends happy path requests to establish the baseline for the normal API behavior, then the actual test requests (conformance requests) to detect any problems in how the API implementation conforms to the API definition. If set to |
false
|
Scan testing mode (laxTestingModeEnabled ) |
Scan testing mode changes how Conformance Scan deals with failed happy path requests:
Lax scan testing mode is only supported in the Scan v2 Docker image |
false
|
Log destination (logDestination ) |
The destination where Conformance Scan pushes all logs that it produces during a scan. The possible values are stdout , files , and platform . You can select multiple outputs by adding the character + between the values. |
stdout+platform
|
Max log file size (logMaxFileSize ) |
The maximum size (in bytes) allowed for the log file that Conformance Scan produces when the log destination includes files . |
2147483648
|
Number of retry attempts after a timeout (maxTimeoutRetryAttempts ) |
This setting controls how many times Conformance Scan retries sending a request that times out. If the request continues to time out when the limit is reached, the scan stops. This setting is only supported in the Scan v2 Docker image |
5
|
Generate cURL command (reportGenerateCurlCommand ) |
This setting controls if Conformance Scan includes the corresponding cURL request for each conformance request in the scan report. If you want to restrict the file size of your scan report, you can switch this to false to leave the cURL requests out of the scan report. |
true
|
Include request body in the report (reportIncludeRequestBody ) |
This setting controls if Conformance Scan includes the request bodies of the tests that it sends into the scan report:
This allows you to efficiently restrict the report size if you cannot scale up the required resources for the scan. This setting is only supported in the Scan v2 Docker image |
true
|
Include response body in the report (reportIncludeResponseBody ) |
This setting controls if Conformance Scan includes the response bodies that it receives from the API into the scan report:
This allows you to efficiently restrict the report size if you cannot scale up the required resources for the scan. This setting is only supported in the Scan v2 Docker image |
true
|
Max reported issues (reportMaxIssues ) |
The maximum number of problems that Conformance Scan can uncover and include in the scan report before it must stop. This setting helps to control the report size: you can iterate on scanning your API, and as you fix the problems found in previous scans, the scan keeps including subsequently discovered problems. | 1000
|
Max stored response body size for happy path requests (reportMaxBodySizeHappyPath ) |
The maximum response body size (in bytes) that the scan includes in the scan report for a happy path request. | 8092
|
Max stored response body size for test requests (reportMaxBodySizeTest ) |
The maximum response body size (in bytes) that the scan includes in the scan report for a test request. | 8092
|
Max stored happy path response size (reportMaxHttpResponseSizeHappyPath ) |
The maximum size (in bytes) of the HTTP responses received for a happy path request that is included in the scan report. | 8092
|
Max stored response size for test requests (reportMaxHttpResponseSizeTest ) |
The maximum size (in bytes) of the HTTP responses received for a test request that is included in the scan report. | 8092
|
Max stored happy path request size (reportMaxRequestSizeHappyPath ) |
The maximum size (in bytes) of the HTTP requests that the scan sends for a happy path request that is included in the scan report. This setting is only supported in the Scan v2 Docker image v2.0.3 or higher. |
8092
|
Max stored request size for test requests (reportMaxRequestSizeTest ) |
The maximum size (in bytes) of the HTTP requests that the scan sends for a test request that is included in the scan report. This setting is only supported in the Scan v2 Docker image v2.0.3 or higher. |
8092
|
Transaction ID header (requestHeaderNameRequestId ) |
The name of the header that contains the request ID of the request that Conformance Scan sends. | x-scan-request-id
|
Scenario ID header (requestHeaderNameScenarioId ) |
The name of the header that contains the scenario ID of the request that Conformance Scan sends. | x-scan-scenario-id
|
Request type header (requestHeaderNameRequestType ) |
The name of the header that states the type (happy path, unhappy path, conformance, authentication...) of the request that Conformance Scan sends. This setting is only supported in the Scan v2 Docker image |
x-scan-request-type
|
Skip TLS verification (requestTlsInsecureSkipVerify ) |
This setting controls how Conformance Scan handles certificates in TLS verification:
|
true
|
Max size for a response body (responseMaxBodySizeScan ) |
The maximum body size (in bytes) that Conformance Scan consumes from an API response, to avoid massive memory consumption. | 10485760
|
Settings for Scan v1
The following settings are only applicable to the scan configuration for Scan v1, both when run in 42Crunch Platform or on premises.
Setting | Description | Default value |
---|---|---|
Connectivity GET call |
By default, Scan v1 sends a request However, sometimes this is not supported by the API implementation and the scan fails to start. In this case, you can use this setting to switch off the connectivity check completely to avoid the false negative on the connectivity because the API implementation did not respond as Conformance Scan expected. |
On
|
JSON complexity check |
Is the complexity of the JSON checked or not. This check safeguards against overly complex API definition that could lead the scan taking up too long and consuming too much system resources. |
Off
|