-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: add pages build scan documentation
- Loading branch information
Showing
3 changed files
with
24 additions
and
0 deletions.
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| --- | ||
| title: Build Scans | ||
| permalink: /pages/documentation/build-scans/ | ||
| layout: docs | ||
| navigation: pages | ||
| sidenav: pages-documentation | ||
| --- | ||
|
|
||
|
|
||
| Builds Scans are a new experimental feature being offered by Pages. | ||
|
|
||
| For select site builds, users can see scan results which check their website for security vulnerabilities, accessibility violations, and other relevant information to help improve their site. These scans begin running after a build completes. When the scan finishes, the results are available as downloadable HTML files for easy sharing among team members. There are currently two scans available: ZAP Security Scan and Accessibility Scan. If you are interested in being part of the beta test of this new feature, please email us at [email protected]. | ||
|
|
||
|  | ||
|
|
||
| ## ZAP Security Scan | ||
|
|
||
| The ZAP Security Scan tests your published website for common security vulnerabilities. It uses the [Zed Attack Proxy (ZAP)](https://www.zaproxy.org/) software to passively scan the site for vulnerabilities but does not perform any attack or attempt to maliciously modify your site code. Example security findings include unintended exposure of sensitive data, SQL injection opportunities, cross-site scripting (XSS) flaws, and the use of components with known vulnerabilities. More details about the scan mechanisms and the resulting file output can be found at [ZAP - Baseline Scan](https://www.zaproxy.org/docs/docker/baseline-scan/) | ||
|
|
||
| ## Accessibility Scan | ||
|
|
||
| This scan identifies website accessibility violations from [Section 508](https://www.section508.gov/) and the [latest WCAG version](https://www.w3.org/TR/WCAG22/). The scan first crawls your website to identify all pages to test. It then uses the open source portion of [`axe`](https://www.deque.com/axe/) to identify accessibility violations. The final scan is a custom report generated from the `axe` output. |