# QA360 Example: Security Suite
# Comprehensive security testing (SAST, DAST)

version: 2
name: security-test-suite
description: Security testing with SAST and DAST scans

gates:
  api-health:
    adapter: playwright-api
    enabled: true
    config:
      baseUrl: "https://api.example.com"
      smoke:
        - "GET /health -> 200"

  sast:
    adapter: semgrep-sast
    enabled: true
    config:
      rules:
        - security
        - owasp-top-10
      paths:
        - src/
        - lib/
    budgets:
      high_findings: 3
      medium_findings: 10

  dast:
    adapter: zap-dast
    enabled: true
    config:
      target: api
      profile: baseline
      url: "https://api.example.com"
      scanType: baseline
    budgets:
      high_findings: 5
      medium_findings: 20

  secrets:
    adapter: gitleaks-secrets
    enabled: true
    config:
      paths:
        - .
        - src/
        - config/
    budgets:
      critical_findings: 0

execution:
  default_timeout: 120000
  default_retries: 1
  on_failure: continue
  parallel: false