quickstart: Add Scan Policy option to Automated Scan panel

addOns/quickstart/CHANGELOG.md

@@ -4,6 +4,8 @@ All notable changes to this add-on will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
+### Added
+- Add Scan Policy option to the Automated Scan panel.
 
 
 ## [55] - 2026-03-09

addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackPanel.java

@@ -38,6 +38,7 @@
 import org.parosproxy.paros.model.SiteNode;
 import org.parosproxy.paros.view.View;
 import org.zaproxy.zap.extension.alert.ExtensionAlert;
+import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
 import org.zaproxy.zap.extension.search.SearchPanel;
 import org.zaproxy.zap.utils.DisplayUtils;
 import org.zaproxy.zap.view.LayoutHelper;
@@ -52,6 +53,7 @@ public class AttackPanel extends QuickStartSubPanel {
     private ImageIcon icon;
     private JButton attackButton;
     private JButton stopButton;
+    private JComboBox<String> policyField;
     private JComboBox<String> urlField;
     private DefaultComboBoxModel<String> urlModel;
     private JButton selectButton;
@@ -149,6 +151,11 @@ public JPanel getContentPanel() {
             urlSelectPanel.add(this.getUrlField(), LayoutHelper.getGBC(0, 0, 1, 0.5D));
             urlSelectPanel.add(selectButton, LayoutHelper.getGBC(1, 0, 1, 0.0D));
             contentPanel.add(urlSelectPanel, LayoutHelper.getGBC(2, formPanelY, 3, 0.25D));
+            contentPanel.add(
+                    new JLabel(Constant.messages.getString("quickstart.label.policy")),
+                    LayoutHelper.getGBC(
+                            1, ++formPanelY, 1, 0.0D, DisplayUtils.getScaledInsets(5, 5, 5, 5)));
+            contentPanel.add(getPolicyField(), LayoutHelper.getGBC(2, formPanelY, 1, 0.25D));
 
             traditionalSpiderY = ++formPanelY;
             plugableSpiderY = ++formPanelY;
@@ -173,6 +180,29 @@ public JPanel getContentPanel() {
         return contentPanel;
     }
 
+    private JComboBox<String> getPolicyField() {
+        if (policyField == null) {
+            policyField = new JComboBox<>();
+            ExtensionActiveScan extAscan =
+                    Control.getSingleton()
+                            .getExtensionLoader()
+                            .getExtension(ExtensionActiveScan.class);
+            if (extAscan != null) {
+                List<String> policyNames = extAscan.getPolicyManager().getAllPolicyNames();
+                for (String name : policyNames) {
+                    policyField.addItem(name);
+                }
+            }
+        }
+        return policyField;
+    }
+
+    public String getSelectedPolicy() {
+        if (policyField == null) return null;
+        Object selected = policyField.getSelectedItem();
+        return selected != null ? selected.toString() : null;
+    }
+
     private JLabel getProgressLabel() {
         if (progressLabel == null) {
             progressLabel =

addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/AttackThread.java

@@ -29,6 +29,7 @@
 import org.parosproxy.paros.model.SiteNode;
 import org.zaproxy.zap.extension.ascan.ActiveScan;
 import org.zaproxy.zap.extension.ascan.ExtensionActiveScan;
+import org.zaproxy.zap.extension.ascan.ScanPolicy;
 import org.zaproxy.zap.model.Target;
 import org.zaproxy.zap.network.HttpRequestConfig;
 import org.zaproxy.zap.utils.Stats;
@@ -52,6 +53,7 @@ public enum Progress {
     private PlugableSpider plugableSpider;
     private boolean stopAttack = false;
     private boolean useStdSpider;
+    private String scanPolicyName;
 
     private static final Logger LOGGER = LogManager.getLogger(AttackThread.class);
 
@@ -72,6 +74,10 @@ public void setTraditionalSpider(TraditionalSpider traditionalSpider) {
         this.traditionalSpider = traditionalSpider;
     }
 
+    public void setScanPolicyName(String scanPolicyName) {
+        this.scanPolicyName = scanPolicyName;
+    }
+
     public void setPlugableSpider(PlugableSpider plugableSpider) {
         this.plugableSpider = plugableSpider;
     }
@@ -191,7 +197,18 @@ public void run() {
                 return;
             } else {
                 extension.notifyProgress(Progress.ascan);
-                scanId = extAscan.startScan(target);
+                ScanPolicy scanPolicy = null;
+                if (scanPolicyName != null && !scanPolicyName.isEmpty()) {
+                    try {
+                        scanPolicy = extAscan.getPolicyManager().getPolicy(scanPolicyName);
+                    } catch (Exception ex) {
+                        LOGGER.warn("Failed to load policy {}, using default", scanPolicyName);
+                    }
+                }
+                if (scanPolicy == null) {
+                    scanPolicy = extAscan.getPolicyManager().getDefaultScanPolicy();
+                }
+                scanId = extAscan.startScan(target, null, new Object[] {scanPolicy});
             }
 
             try {

addOns/quickstart/src/main/java/org/zaproxy/zap/extension/quickstart/ExtensionQuickStart.java

@@ -319,6 +319,7 @@ public void attack(URL url, boolean useStdSpider) {
         attackThread.setURL(url);
         attackThread.setTraditionalSpider(traditionalSpider);
         attackThread.setPlugableSpider(plugableSpider);
+        attackThread.setScanPolicyName(getQuickStartPanel().getAttackPanel().getSelectedPolicy());
         attackThread.start();
     }
 

addOns/quickstart/src/main/resources/org/zaproxy/zap/extension/quickstart/resources/Messages.properties

@@ -87,6 +87,7 @@ quickstart.label.exploreurl = URL to explore:
 quickstart.label.hud = Enable HUD:
 quickstart.label.hud.warn.scope = Warning: the HUD is only enabled for URLs in scope
 quickstart.label.news = News
+quickstart.label.policy = Scan Policy:
 quickstart.label.progress = Progress:
 quickstart.label.show = Show this tab on start up:
 quickstart.label.tradspider = Use traditional spider: