Passive scan does not have the same scan policy configuration as active scan #8413

Open
1 task
BlackUsteak opened this issue Mar 22, 2024 · 2 comments

Comments

@BlackUsteak

Is your feature request related to a problem? Please describe.

In active scanning I can configure scanning policy beforehand and select scanning policy before scanning. But in passive scanning I can only scan as per global configuration.

Describe the solution you'd like

It would be great if passive scanning had the same policy configuration as active scanning!

Describe alternatives you've considered

Changing the passive scanning policy while a passive scan is in progress affects the detections, which can be solved if a copy of the detections is cached at the beginning of the scan.

Screenshots

No response

Additional context

No response

Would you like to help fix this issue?

  • Yes
@psiinon
Member

psiinon commented Mar 22, 2024

That is because they work in very different ways.
An active scan is something that has a start and an end.
You can have multiple active scans happening at once.
Passive scanning happens in the background.
In theory we could check to see what initiated a request in order to associate it with a different passive scan policy, but it won't be easy.
Note that in automation the recommended strategy is to run one ZAP instance for each scan, in which case the global passive scan is not an issue.
I'm not saying we won't do this .. but I don't see it being a priority right now..

@thc202
Member

thc202 commented Mar 22, 2024

Related issue #3870 (and comment #3870 (comment)).
