Provided that you have the right role, you can create and schedule new scans for a site.
- To create a new scan, go to "Scans" > "Create a new scan". Alternatively, you can open a site and click the "New scan" button from the site details page.
- Select the site on which you want to perform the scan. If you created the scan from within a site, this will be preselected for you. However, you can change this to a different site if you want.
- Select whether you want the scan to start as soon as possible, that is, as soon as an agent is available, or schedule the scan to start at a specific time.
- Select whether you want to create a one-time scan or whether you want to schedule a scan that should be performed repeatedly at a regular interval. Recurring scans are useful for generating plenty of data so that you can keep track of how your security posture is improving over time. For example, you can combine this setting with the start time to create a scan that runs every day at midnight.
- If you chose to create a recurring scan, select whether to schedule this scan to repeat forever, a fixed number of times, or until a particular date.
- The scan configurations are preselected based on the default scan configurations that are defined for the site. However, you can override the default configuration if you want. From the drop-down list, you can see all scan configurations provided by Burp Suite Enterprise Edition. You can combine multiple scan configurations to customize the scan however you want. Alternatively, you can upload a custom scan configuration in JSON format.
- When you are happy, click "Save". The scan is scheduled and you will be taken back to the "Scans" page.
- Refresh the page and your new scan should now be shown in the list with either the status "Waiting for agent" or "Scheduled" depending on whether you chose to start the scan immediately or not.