Member Testing Guide

⚙️

System Requirements

Node.js, Docker, PostgreSQL, Redis, Checkov, Semgrep, Prowler — exact version requirements and installation tips for all scan engines

🔧

Environment Variables

20 environment variables with Required / Optional status and purpose for each — including AWS credentials for cloud audit tests

🐳

Docker Scanner Setup

How to start ZAP, Checkov, Semgrep, and Prowler via Docker Compose and verify each scanner before running tests

🏗️

IaC Scanning Tests

5 tests covering Checkov entitlements (Starter lite vs Pro full), docker_unavailable handling, drift detection, and framework coverage

🔬

SAST Tests

4 tests verifying Semgrep runner entitlements, CWE/OWASP finding mapping, Pro+ gating, and docker_unavailable retry logic

☁️

Cloud Audit Tests

4 tests for Prowler credential validation, entitlement gating, AWS/Azure/GCP scan runner, and timeout handling

👥

Multi-User Team Tests

5 tests covering invite flow, Admin/Member RBAC enforcement, scan sharing, and team capacity limits

▶️

Running All 61 Tests

Full suite, single-file, filtered runs, and verbose output — every command you need

📋

Test Reference Table

All 61 tests listed with what each verifies and its functional category

🔍

Troubleshooting

Common failures and how to fix them — from missing Docker images to ZAP connection errors and AWS credential issues

iac-scan-entitlement · iac-scan-checkov-runner · iac-scan-lite-vs-full · iac-scan-docker-unavailable · iac-drift-detection

sast-scan-entitlement · sast-semgrep-runner · sast-findings-cwe-mapping · sast-docker-unavailable

cloud-audit-entitlement · cloud-audit-prowler-runner · cloud-audit-credential-validation · cloud-audit-docker-unavailable

team-invite-flow · team-rbac-admin · team-rbac-member · team-scan-sharing · team-capacity-limit

api-chat-security · security-headers · security-redact · scan-report-pdf-csp · trusted-ip · json-ld-safe

auth-session-dlp · cron-bearer · pentest-permissions · real-pentest-authz

scan-entitlement · pro-scan-pen-testing · trial-scan-results · billing-pwa-membership-parity

scan-jobs-store · scan-profiles · scan-queue-burst · scan-url-defaults · findings-last-result-poll · dashboard-active-scan

scan-report-export · scan-report-pdf-export · scan-report-pdf-render · scan-reports-list

browser-download · platform-asset-delete · gdpr-rights-endpoints

header-nav-layout · homepage-cta-hierarchy · pricing-card-badge · troubleshooting-contrast · vulnerability-scan-form-unification · workspace-delete-app-ui

ci-smoke · scan-status-copy · scan-reports-list · workspace-scan-history-copy · stripe-locale · mailer-smtp-errors · nav-help-routes · platform-notifications · pwa-browser-ui-family · pwa-uninstall-manage · desktop-installers