Disable individual rules/scanners in DAST Scanner
Problem to solve
Occasionally, given a certain site running in a particular environment, a ZAP rule will always produce a vulnerability even though the users knows it is a false positive. The user may wish to disable the particular rule.
This has been verified that it is useful to users in the following ZAP user forum thread https://groups.google.com/forum/#!topic/zaproxy-users/p1aXvO6oWu4.
The DAST team have encountered problems with dynamic data in end to end tests that would also be solved by this issue.
A command line argument should be provided at DAST runtime of scanner rule ID's to exclude. There should also be a way of finding out what IDs are possible to provide.
Documentation should provide users the understand on how to use the feature.