Generate security dashboard report
Problem
API Fuzzer does not generate security vulnerability reports. This prevents integration with security dashboard.
Proposal
API Fuzzer will be modified to produce a report using Secure’s Vulnerability Reporting format. This will provide integration with the Security Dashboard, providing the initial UX for API Fuzzer. Additional fields will be added to the DAST schema to accommodate API fuzzing results.
To support Secure’s Vulnerability Report it is proposed:
- Changes to the existing schema are made to support the data provided by API Fuzzer
-
A new controller is added to Peach.Web.Controllers.Api modeled after the JUnitController. -
The various language APIs are updated to support the new report method Minimum required change is Python API -
The CI runner is modified to support the new report method -
The CLI is modified to support the new report method
Edited by Michael Eddington