Expose ZAP log in DAST
Follow-up of gitlab-org/security-products/dast!24 (comment 188696347):
Problem
There's no easy way for users to get the ZAP output in the DAST job. This means they cannot be sure how the scan was run and the specific details of what happened during the scan.
Proposal
We should make it easier for users to debug the job and check this output.
- print the whole log in the raw output (in this case, I'd suggest to print it "live", so append in the file and
stdout
at the same time).
Potential follow-ons for another iteration
- provide the log as an artifact, to keep the raw output concise and clear
@dappelt @vzagorodny what do you think?
Edited by Sam Kerr