Breaking changes for DAST 14.0
Problem to solve
When release 14.0 comes out in 2021, there will be a bunch of DAST functionality that should be deprecated and removed.
This issue is a placeholder for items to add to that list. We can add to this issue as the year progresses.
Release a DAST Major Release
- We should release a DAST major release,
2.0.0. - We can update the DAST template to use
DAST_VERSION2
Deprecated items
- Change the default browser from firefox to Chromium #289962 (closed)
- Remove the legacy ZAP format fields, #33915 (closed)
- Rename
DAST_AUTH_EXCLUDE_URLStoDAST_EXCLUDE_URLS#289959 (closed) - Look at removing renamed environment variables (e.g.
AUTH_PASSWORD->DAST_AUTH_PASSWORD) [DONE but not deprecated] Release Post Issue - Remove the DAST Validation. #293595 (closed)
- This repository should be archived in 14.0, https://gitlab.com/gitlab-org/security-products/codequality
-
-sconfiguration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!219 (comment 379548118) -
-nconfiguration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!253 (merged) -
-pconfiguration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!246 (merged) -
-Dconfiguration option does not work and should be removed in 14.0: gitlab-org/security-products/dast!291 (merged) -
-Tshould be replaced with--zap-max-connection-attemptsand--passive-scan-max-wait-time - Default
DAST_SPIDER_START_AT_HOSTto false #267403 (closed) - Remove
AUTH_DISPLAYandDAST_AUTH_DISPLAY
Items to deprecate if we have time
-
vulnerability.cveis being removed, and will be replaced byvulnerability.id#209850 (closed)
Questions/Miscellaneous
- Do we need to apply patch updates to the
DAST:1image for a period of time? - GitLab Rails should state which versions of the DAST schema are supported.
Edited by Avielle Wolfe