chore(stoneintg-1118): add guide for rapidast scan I.T.

Signed-off-by: jcullina <jcullina@redhat.com>

docs/modules/ROOT/pages/how-tos/_nav.adoc

@@ -29,6 +29,7 @@
 **** xref:how-tos/testing/integration/choosing-contexts.adoc[Choosing when to run certain Integration Tests]
 **** Third Parties
 ***** xref:how-tos/testing/integration/third-parties/testing-farm.adoc[Testing with Testing Farm]
+***** xref:how-tos/testing/integration/third-parties/testing-rapidast.adoc[Testing with RapiDAST]
 ** xref:how-tos/metadata/index.adoc[Inspecting provenance and attestations]
 *** xref:how-tos/metadata/sboms.adoc[Inspecting SBOMs]
 *** xref:how-tos/metadata/attestations.adoc[Inspecting artifact attestations]

docs/modules/ROOT/pages/how-tos/testing/integration/third-parties/testing-rapidast.adoc

@@ -0,0 +1,68 @@
+= RapiDAST
+
+In this guide, you'll learn how to xref:/how-tos/testing/integration/adding.adoc[add a custom integration test] in {ProductName} that uses link:https://github.com/RedHatProductSecurity/rapidast[RapiDAST] as a third-party tool for dynamic application security testing. 
+
+.Prerequisites
+
+. You have xref:/how-tos/creating.adoc[created an application] in {ProductName}
+
+. You are familiar with link:https://github.com/RedHatProductSecurity/rapidast?tab=readme-ov-file#rapidast[RapiDAST documentation]
+
+. You have chosen a RapiDAST configuration file and are ready, or have the necessary details, to complete one. Refer to the RapiDAST link:https://github.com/RedHatProductSecurity/rapidast?tab=readme-ov-file#configuration[documentation] for templates and examples.
+
+. You have selected the scanner you want to use with RapiDAST, ZAP, Nessus or a generic scanner. Refer to the RapiDAST link:https://github.com/RedHatProductSecurity/rapidast?tab=readme-ov-file#exporting-to-google-cloud-storage[documentation] for available scanners and their configurations.
+
+. You have access to a git repository containing the link:https://github.com/RedHatProductSecurity/rapidast?tab=readme-ov-file#an-openapi-schema[OpenAPI] specification of your application or another supported entry point (e.g., endpoints, spiders, etc.).
+
+. Optional - You have access to link:https://github.com/RedHatProductSecurity/rapidast?tab=readme-ov-file#exporting-to-google-cloud-storage[Google Cloud Storage] to facilitate export and storage of scan results.
+
+NOTE: The RapiDAST scan is intended to be used in testing environments, and should not be used on production systems.
+
+.Procedure
+
+This link:https://github.com/jenculltesting/rh-trex-test/blob/main/.tekton/rapidast-scan.yaml[sample integration test] with RapiDAST has the following tasks/steps: 
+
+. Provision Environment:
++ 
+Creates an ephemeral environment to deploy the application.
++
+
+. Deploy Application (deploy-app):
++
+Deploys the application using the provided SNAPSHOT configuration.
++
+Processes deployment manifests (e.g., services, secrets, databases) and applies them to the cluster.
++
+Outputs the application’s URL for further testing.
++
+
+. Set Up Testing (setup-test):
++
+Sets up port-forwarding to securely access the deployed application using a sidecar.
++
+Authenticates with the application and retrieves an authenticated base URL.
++
+Prepares the RapiDAST configuration file for scanning.
++
+
+. Run RapiDAST Scan (run-rapidast):
++
+Executes RapiDAST using the dynamically prepared configuration file.
++
+Runs API and active scanning (e.g., ZAP) and generates security reports (JSON, HTML).
++
+Exports results to the results/ directory for analysis.
++
+
+
+.Verification
+
+When the new build is finished:
+
+. Go to the *Integration tests* tab and select the highlighted name of your test.
+
+. Go to the *Pipeline runs* tab of that test and select the most recent run.
+
+.  On the *Details* page, you can see if the test succeeded for that component. Navigate to the other tabs for more details. 
+
+. xref:/how-tos/testing/integration/editing.adoc[Edit the integration test] if it is not properly configured.