Updated Schema-Based Testing documentation #2017
| 1. Go to the **Security Testing** → **Schema-Based** → **Test policies** tab and create [at least one policy](#test-policy-types). | ||
| 1. Go to **Security Testing** → **Schema-Based** → **Test policies** and create [at least one policy](#test-policy-types). | ||
|
|
||
| After both steps are completed, the **Schema-Based** entry appears in the left menu under **Security Testing**. |
?? The 2nd step from the above should be done in the Schema-Based section already. So, I guess, the section appears once the subscription is assigned.
| After both steps are completed, the **Schema-Based** entry appears in the left menu under **Security Testing**. | ||
|
|
||
| ## Prerequisites | ||
|
|
Postman collection is also a prerequisite
| This includes the case when Wallarm itself is used as the protection tool for these domains - see details on Wallarm's allowlist [here](../../user-guides/ip-lists/overview.md). | ||
| This applies when Wallarm itself protects the target domain — see details on Wallarm's allowlist [here](../../user-guides/ip-lists/overview.md). | ||
|
|
||
| ## Test policy types |
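Review bot: The link text `here` on the allowlist line is not descriptive; make the phrase itself the link, for example `see [Wallarm's allowlist](../../user-guides/ip-lists/overview.md)`. Separately, the `## Test policy types` heading is the target of the `[at least one policy](#test-policy-types)` link in the enable steps, so if this section is renamed or dropped, that anchor needs updating in the same change.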
This section can be removed.
| @@ -7,474 +7,298 @@ This article describes how to enable and configure Wallarm's [Schema-Based Testi | |||
| Schema-Based Testing is disabled by default. To enable: | |||
|
|
|||
The setup article is overloaded now and it also repeats some content from overview. I would change the structure of this section to the following:
| File | Purpose | Contents |
|---|---|---|
| overview.md | Concepts only | What Schema-Based Testing is, the AI-driven engine, scan modes (Active/Passive) as a concept, short definition of a strategy, comparison with API Security Testing via Postman, links to the other pages. No procedural steps. |
| setup.md | Quickstart: first run | Activate the subscription → create token → add client IP to allowlist → create a policy from a Postman collection → copy the Docker command → run it → see results. No flags, no CI/CD, no advanced options. |
| strategies.md | Strategies reference | Full catalog of default Active and Passive strategies (the tables currently in overview), how to create a custom strategy, how to enable/disable strategies in a policy. |
| docker-reference.md | Docker reference & CI/CD | Three run modes (with policy / without policy / mixed override), environment variables, full --help output, test run success criteria (FAIL_SEVERITY), report generation (JSON/CSV/JUnit), HAR request/response log export, mTLS, editing and deleting policies. |
| explore.md | Exploring test run results | Test runs list, run details (Health Checks, Errors & Warnings, Tests stages, Strategies/hypotheses, Docker output), reviewing detected security issues in Security Issues, downloading initial files. Mostly unchanged from current explore.md. |
| * Information on previous test runs remains untouched. | ||
| * You will not be able to start a Docker run based on the deleted policy. | ||
| * If the policy's Docker containers are running, they continue to run and the testing continues. | ||
| * When the policy's Docker containers stop, you cannot re-run them. |
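Review bot: The last two bullets say containers started from a deleted policy keep running and keep testing, but the list does not say whether results from that in-progress run are still recorded, since the first bullet covers only previous test runs. Suggest adding a bullet that states plainly that deleting a policy does not stop active testing against the target and what the user should do if testing must end, and aligning the tense of "You will not be able to start" with the present tense used in the other bullets.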
All screenshots except for images/vulnerability-detection/sbt-docker-container-output.png should be replaced.
| @@ -573,7 +401,7 @@ mTLS flags: | |||
|
|
|||
- General comment: ask Claude to update other articles referencing the Schema-Based Testing docs so that they reflect the changed core of the feature.
| * Lightweight execution via a Docker container, with run progress and aggregated results streamed back to Wallarm Cloud. | ||
|
|
||
|  | ||
|  |
The screenshot should show an expanded test run with detected security issues. Please keep the left navigation visible — our convention for screenshots is to capture the full UI and highlight the area referenced in the surrounding text, rather than cropping to that area.
f499f2f to
0b00e0b
0b00e0b to
bae4e3f
Actual Schema-Based Testing documentation.