Disable the DAST Unix Timestamp Vulnerability Check

Problem to solve

The Unix Timestamp Disclosure vulnerability should be disabled by default because it often causes False Positive results.

This issue is the first attempt to build a GitLab specific set of vulnerability definitions.

Intended users

• Sasha (Software Developer)
• Alex (Security Operations Engineer)

Proposal

Passive scans should not check for this rule. It should:

• Not appear in JSON outputs as a vulnerability
• Not appear in the log output as having been a rule that is executed (or at least, indicate that it was skipped)

What is the type of buyer?

Gold/Ultimate