  • #118641
Closed
Created Dec 17, 2019 by Cameron Swords (@cam_swords), Developer

Disable individual rules/scanners in DAST Scanner

Problem to solve

Occasionally, for a given site running in a particular environment, a ZAP rule will always report a vulnerability even though the user knows it is a false positive. The user may wish to disable that particular rule.

Intended users

  • Sasha (Software Developer)
  • Sam (Security Analyst)

Further details

This has been verified as useful to users in the following ZAP user forum thread: https://groups.google.com/forum/#!topic/zaproxy-users/p1aXvO6oWu4.

The DAST team has encountered problems with dynamic data in end-to-end tests that would also be solved by this issue.

Proposal

A command line argument should be provided at DAST runtime listing the scanner rule IDs to exclude. There should also be a way of finding out which IDs can be provided.
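To make the proposal concrete, here is an added example (not GitLab's or ZAP's code) of the two pieces the proposal asks for: a `--list-rules` switch that shows which rule IDs can be excluded, and an `--exclude-rules` argument that suppresses findings from those IDs. The flag names, the small rule catalogue and the sample findings are assumptions constructed for the example; in a real scanner the catalogue would come from the scanner itself.

```python
"""Exclude-list handling for scanner rule IDs (added example, hypothetical flags).

Assumptions (not from the issue): rule IDs are the numeric plugin IDs ZAP
attaches to each alert, the exclude list arrives as a comma-separated string
from a CLI flag, and each finding is a dict carrying a "pluginId" key.
"""
import argparse
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample catalogue of rule IDs and names. A real run would list
# these from the scanner; they are embedded here so the example runs offline.
KNOWN_RULES: Dict[int, str] = {
    10010: "Cookie No HttpOnly Flag",
    10021: "X-Content-Type-Options Header Missing",
    10038: "Content Security Policy (CSP) Header Not Set",
    40012: "Cross Site Scripting (Reflected)",
}

# Constructed sample findings, shaped like ZAP JSON alerts.
SAMPLE_FINDINGS: List[dict] = [
    {"pluginId": 10010, "alert": "Cookie No HttpOnly Flag", "url": "https://app.example/login"},
    {"pluginId": 10038, "alert": "CSP Header Not Set", "url": "https://app.example/"},
    {"pluginId": 40012, "alert": "Cross Site Scripting (Reflected)", "url": "https://app.example/search"},
]


def parse_exclude_list(raw: str) -> Set[int]:
    """Turn "10010, 10021,,40012" into {10010, 10021, 40012}; reject non-numeric tokens."""
    ids: Set[int] = set()
    for token in raw.split(","):
        token = token.strip()
        if not token:
            continue  # tolerate empty entries from trailing or doubled commas
        if not token.isdigit():
            raise ValueError(f"rule ID {token!r} is not numeric")
        ids.add(int(token))
    return ids


def validate_excludes(ids: Iterable[int], known: Dict[int, str]) -> Tuple[List[int], List[int]]:
    """Split requested IDs into ones the scanner knows and ones it does not."""
    requested = set(ids)
    valid = sorted(i for i in requested if i in known)
    unknown = sorted(i for i in requested if i not in known)
    return valid, unknown


def filter_findings(findings: Iterable[dict], excluded: Set[int]) -> Tuple[List[dict], List[dict]]:
    """Separate findings into kept and suppressed; suppressed ones are returned,
    not dropped, so a report can still record what was filtered and why."""
    kept: List[dict] = []
    suppressed: List[dict] = []
    for finding in findings:
        (suppressed if finding.get("pluginId") in excluded else kept).append(finding)
    return kept, suppressed


def list_rule_ids(known: Dict[int, str]) -> List[str]:
    """Lines for a --list-rules style output: ID followed by rule name."""
    return [f"{rule_id:6d}  {name}" for rule_id, name in sorted(known.items())]


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(description="Exclude scanner rules by ID (example)")
    parser.add_argument("--list-rules", action="store_true", help="print the rule IDs that can be excluded")
    parser.add_argument("--exclude-rules", default="", help="comma-separated rule IDs to suppress")
    args = parser.parse_args(argv)

    if args.list_rules:
        print("\n".join(list_rule_ids(KNOWN_RULES)))
        return 0

    valid, unknown = validate_excludes(parse_exclude_list(args.exclude_rules), KNOWN_RULES)
    if unknown:
        # Surface typos rather than silently ignoring them: a mistyped ID would
        # otherwise leave a noisy rule enabled, or worse, never be noticed.
        print(f"warning: unknown rule IDs ignored: {unknown}")

    kept, suppressed = filter_findings(SAMPLE_FINDINGS, set(valid))
    for finding in suppressed:
        print(f"suppressed {finding['pluginId']} ({finding['alert']}) at {finding['url']}")
    for finding in kept:
        print(f"reported   {finding['pluginId']} ({finding['alert']}) at {finding['url']}")
    return 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it with `--list-rules` to see the catalogue, or with `--exclude-rules 10010,10021` to suppress the cookie and header rules from the sample findings. Two design choices worth keeping in a real implementation: unknown IDs are warned about rather than silently dropped, and suppressed findings are still returned so the report can show what was filtered out, which keeps an exclusion from quietly hiding a true positive.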

Documentation

Documentation should give users an understanding of how to use the feature.

What is the type of buyer?

Ultimate

Edited Dec 20, 2019 by Seth Berger