Enable active scan for DAST
Problem to solve
Right now DAST is relying on Passive Scan by ZAP. This is safe as it doesn't perform any real attack, but it can spot only a portion of the possible vulnerabilities.
ZAP has also Active Scan that performs several additional checks. We can consider running those tests as an alternative on Review Apps.
We can consider to use a variable to define if the Active Scan should be executed or not. It may take a long time, so we should evaluate if is is worth.
Implement Active Scan for ZAP to support additional DAST checks in Auto DevOps.
What does success look like, and how can we measure that?
Users enable DAST with Active Scan